yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #05120
[Bug 1231488] Re: ldap config "user_id_attribute" is ignored
I suspect this is an issue with keystoneclient attempting to incorrectly
"guess" whether you're providing ID or name.
** Also affects: python-keystoneclient
Importance: Undecided
Status: New
** Changed in: python-keystoneclient
Importance: Undecided => High
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1231488
Title:
ldap config "user_id_attribute" is ignored
Status in OpenStack Identity (Keystone):
Invalid
Status in Python client library for Keystone:
New
Bug description:
I can sucessfully configure keystone LDAP settings and keystone user-
list works fine. Shows to me id, name, enabled and email correctly.
But when I do a "keystone user-get foo" the message shows:
No user with a name or ID of 'foo' exists.
The configuration file for user and ldap options are:
----
[ldap]
url = ldap://ldap.my.company.com
suffix = dc=my,dc=company,dc=com
objectClass = posixAccount
user_tree_dn = ou=people,dc=my,dc=company,dc=com
user_objectclass = posixAccount
user_unit = "People"
user_id_attribute = uid
user_name_attribute = cn
user_mail_attribute = mail
user_pass_attribute = userPassword
user_enabled_attribute = uidNumber
user_enabled_mask = 255
user_enabled_default = True
user_attribute_ignore = tenantId,tenants
user_allow_create = False
user_allow_update = False
user_allow_delete = False
----
I dont use Active Directory, so cn (the default user_id_attribute) is
the full user name and not a login. In my base login is uid.
If I do a keystone user-get "Full Name of Foo" works fine. But sorry
if is a mistake of me, but IMHO, should works with user_id_attribute
configured in config file.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1231488/+subscriptions
