yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #00515
[Bug 1063858] Re: LDAP identity driver does not support 'enabled'
** Changed in: keystone
Status: Fix Committed => Fix Released
** Changed in: keystone
Milestone: None => grizzly-3
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1063858
Title:
LDAP identity driver does not support 'enabled'
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
The current LDAP identity driver does not support the notion of
'enabled' for users/tenants and therefore when using LDAP as an
identity backend, this functionality is not provided. There is some
discussion of this issue in
https://bugs.launchpad.net/keystone/+bug/980085 however I don't see
the functionality was addressed as part of 980085. Moreover this issue
seems like it might be best tracked as its own defect so its not
masked in another defect and lost.
Here's a comment from keystone/identity/backends/ldap/core.py
regarding this issue:
# NOTE(ayoung): The RFC based schemas don't have a way to indicate
# 'enabled' the closest is the nsAccount lock, which is on defined to
# be part of any objectclass.
# in the future, we need to provide a way for the end user to
# indicate the field to use and what it indicates
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1063858/+subscriptions