yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1300089] Re: no default_project_id in ldap

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1300089@xxxxxxxxxxxxxxxxxx>
Date: Tue, 01 Apr 2014 16:16:27 -0000
Reply-to: Bug 1300089 <1300089@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Good to hear! FWIW, use of default_project_id is a bit of an anti-
pattern when compared to explicit role assignments on one or more
projects, hence it's ignored by default.

** Changed in: keystone
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1300089

Title:
  no default_project_id in ldap

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  There are two bugs when using LDAP to be identity driver in keystone 2013.2.2 release.
  1、In sql,the  user table has the field "extra",which include tenantid,and in release 2013.2.2,it added a field "default_project_id",so we can use /v2.0/user/{userid} to modify the default_project_id and the tenantid in extra. There is no problem when using sql driver.
      But when using ldap driver,there is no attribute default_project_id and extra in ldap,so there is no way to modify the default_project_id. The result is user information were modified except tenantid.

  2、Also when using the above API in ldap,keystone does not check if the
  tenantId  exits in the system. I think if the tenant does not exit,it
  need to return the error "The tenant id cannot be found"

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1300089/+subscriptions

References

[Bug 1300089] [NEW] There are two bugs when using LDAP to be the indentity driver
From: nethawk, 2014-03-31