yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1231488] Re: ldap config "user_id_attribute" is ignored

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1231488@xxxxxxxxxxxxxxxxxx>
Date: Fri, 02 May 2014 14:38:45 -0000
Reply-to: Bug 1231488 <1231488@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Eric: Wow, fantastic analysis - thank you! I agree with your path
forward, although I'd be happy with (1) as an easy first step until
someone has time/interest to pursue (2), as the additional flexibility
would provide a better long term solution.

** Tags removed: havana-backport-potential
** Tags added: documentation

** Changed in: python-keystoneclient
       Status: Incomplete => Invalid

** Changed in: keystone
       Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1231488

Title:
  ldap config "user_id_attribute" is ignored

Status in OpenStack Identity (Keystone):
  Triaged
Status in Python client library for Keystone:
  Invalid

Bug description:
  I can sucessfully configure keystone LDAP settings and keystone user-
  list works fine. Shows to me id, name, enabled and email correctly.
  But when I do a "keystone user-get foo" the message shows:

  No user with a name or ID of 'foo' exists.

  The configuration file for user and ldap options are:

  ----
  [ldap]
  url = ldap://ldap.my.company.com
  suffix = dc=my,dc=company,dc=com
  objectClass = posixAccount
  user_tree_dn = ou=people,dc=my,dc=company,dc=com
  user_objectclass = posixAccount
  user_unit = "People"
  user_id_attribute = uid
  user_name_attribute = cn
  user_mail_attribute = mail
  user_pass_attribute = userPassword
  user_enabled_attribute = uidNumber
  user_enabled_mask        = 255
  user_enabled_default     = True
  user_attribute_ignore = tenantId,tenants
  user_allow_create = False
  user_allow_update = False
  user_allow_delete = False
  ----

  I dont use Active Directory, so cn (the default user_id_attribute) is
  the full user name and not a login. In my base login is uid.

  If I do a keystone user-get "Full Name of Foo" works fine. But sorry
  if is a mistake of me, but IMHO, should works with user_id_attribute
  configured in config file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1231488/+subscriptions