yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1231488] Re: ldap config "user_id_attribute" is ignored

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Endre Karlson <1231488@xxxxxxxxxxxxxxxxxx>
Date: Tue, 08 Oct 2013 22:09:59 -0000
Reply-to: Bug 1231488 <1231488@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Basically the issue is that the user_id_attribute setting / option is
not getting honored for anything.

After talking to Adam this piece
https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L261-L263
needs some change in order for this to work correctly. Currently this
being broken breaks all standard AD use-cases where 'sAMAccountName' is
the attribute for the login name instead of 'cn' as in a unux / linux
ldap.

** Changed in: keystone
       Status: Invalid => New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1231488

Title:
  ldap config "user_id_attribute" is ignored

Status in OpenStack Identity (Keystone):
  New
Status in Python client library for Keystone:
  New

Bug description:
  I can sucessfully configure keystone LDAP settings and keystone user-
  list works fine. Shows to me id, name, enabled and email correctly.
  But when I do a "keystone user-get foo" the message shows:

  No user with a name or ID of 'foo' exists.

  The configuration file for user and ldap options are:

  ----
  [ldap]
  url = ldap://ldap.my.company.com
  suffix = dc=my,dc=company,dc=com
  objectClass = posixAccount
  user_tree_dn = ou=people,dc=my,dc=company,dc=com
  user_objectclass = posixAccount
  user_unit = "People"
  user_id_attribute = uid
  user_name_attribute = cn
  user_mail_attribute = mail
  user_pass_attribute = userPassword
  user_enabled_attribute = uidNumber
  user_enabled_mask        = 255
  user_enabled_default     = True
  user_attribute_ignore = tenantId,tenants
  user_allow_create = False
  user_allow_update = False
  user_allow_delete = False
  ----

  I dont use Active Directory, so cn (the default user_id_attribute) is
  the full user name and not a login. In my base login is uid.

  If I do a keystone user-get "Full Name of Foo" works fine. But sorry
  if is a mistake of me, but IMHO, should works with user_id_attribute
  configured in config file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1231488/+subscriptions