yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1289062] Re: LDAP read only config options are ignored

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Eric Brown <browne@xxxxxxxxxx>
Date: Fri, 07 Mar 2014 15:34:24 -0000
Reply-to: Bug 1289062 <1289062@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

These are used.  I recently fixed a bug that is related.

See
https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L298

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1289062

Title:
  LDAP read only config options are ignored

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  The LDAP configuration includes a number of options such as:

  [ldap]
  user_allow_create = False
  user_allow_update = False
  user_allow_delete = False

  tenant_allow_create = True
  tenant_allow_update = True
  tenant_allow_delete = True

  role_allow_create = True
  role_allow_update = True
  role_allow_delete = True

  From what i can gather these were added in the Essex release but are
  currently being completely ignored. We either need to enforce these
  values or remove them from the configuration files as they are
  misleading to our  users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1289062/+subscriptions

References

[Bug 1289062] [NEW] LDAP read only config options are ignored
From: Jamie Lennox, 2014-03-07