Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: quay-v3.15.2
Affects Version/s: quay-v3.14.0
Component/s: quay-operator
Labels:
- triaged

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Affects:

User Experience
Estimated Difficulty:
Medium
Steps to Reproduce:
Hide

Login to Quay with an LDAP user: u.user.

Quay creates namespace: u_user.

As a superuser, apply a user search filter using u.user.

Quay uses u_user in LDAP query, which fails.

Expected (suggested): LDAP queries (especially by superusers) should use the actual LDAP username (u.user) rather than the namespace Quay generated (u_user).
Show
Login to Quay with an LDAP user: u.user . Quay creates namespace: u_user . As a superuser, apply a user search filter using u.user . Quay uses u_user in LDAP query, which fails. Expected (suggested): LDAP queries (especially by superusers) should use the actual LDAP username ( u.user ) rather than the namespace Quay generated ( u_user ).

Target Version:

quay-v3.15.2

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

In an LDAP-integrated Quay environment, when a user logs in for the first time with a username like u.user, Quay automatically suggests and creates a namespace in the form u_user.

Later, when a superuser applies a user filter (e.g., in the UI), the system appears to use the namespace name (u_user) to query LDAP instead of the real username (u.user). This results in a "not found" response, as LDAP has no user by the name u_user.

It seems that the user filter or search feature is using the namespace name Quay created/suggested — not the actual LDAP identity. This might be unintentional or may need adjustment, especially in environments relying on exact LDAP usernames.

This is based on observation — it’s possible this behavior is by design, but it causes practical issues in environments with dotted usernames and LDAP backends.