yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1063858] Re: LDAP identity driver does not support 'enabled'

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 21 Feb 2013 08:43:46 -0000
Reply-to: Bug 1063858 <1063858@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => grizzly-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1063858

Title:
  LDAP identity driver does not support 'enabled'

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  The current LDAP identity driver does not support the notion of
  'enabled' for users/tenants and therefore when using LDAP as an
  identity backend, this functionality is not provided. There is some
  discussion of this issue in
  https://bugs.launchpad.net/keystone/+bug/980085 however I don't see
  the functionality was addressed as part of 980085. Moreover this issue
  seems like it might be best tracked as its own defect so its not
  masked in another defect and lost.

  Here's a comment from keystone/identity/backends/ldap/core.py
  regarding this issue:

      # NOTE(ayoung): The RFC based schemas don't have a way to indicate
      # 'enabled' the closest is the nsAccount lock, which is on defined to
      # be part of any objectclass.
      # in the future, we need to provide a way for the end user to
      # indicate the field to use and what it indicates

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1063858/+subscriptions