← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #45764

[Bug 1336769] Re: LDAP additional attribute mappings description do not specify that they are for creation only

  Thread PreviousDate PreviousThread Next 
marking as invalid, since the options are deprecated, let's just remove
them

** Changed in: keystone
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1336769

Title:
  LDAP additional attribute mappings description do not specify that
  they are for creation only

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  Additional attribute mappings can be used to map ldap attributes to
  internal keystone attributes. This allows keystone to fulfill ldap
  objectclass requirements. List of additional LDAP attributes used for
  mapping additional attribute mappings for users (or projects).
  Attribute mapping format is <ldap_attr>:<model_attr>, where ldap_attr
  is the attribute in the LDAP entry and model_attr is the Identity API
  attribute. (list value).

  So far so good. Now, following next steps:
  1- Apply this patch https://review.openstack.org/#/c/91490/

  2- Add this parameter to keystone.conf file
  tenant_additional_attribute_mapping = objectCategory:notexistingfield1, whenChanged:notexistingfield2

  3- Add  'objectCategory' and 'whenChanged' LDAP parameters to Project model on keystone/common/models.py
  class Project(Model):
      required_keys = ('id', 'name', 'domain_id')
      optional_keys = ('description', 'enabled', 'objectCategory', 'whenChanged')

  4- Restart keystone

  5- Execute this in command line:
  curl -H "X-Auth-Token:admin_token" http://localhost:5000/v3/projects

  Everything works perfectly!. you can see the info of  'objectCategory'
  and 'whenChanged' LDAP parameters in the JSON string returned by
  CURL... and it should not (I think) works, because "notexistingfield1"
  and "notexistingfield2" are not real fields.

  I have a mistake in the keystone.conf file and everything is working
  properly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1336769/+subscriptions

References

  Thread PreviousDate PreviousThread Next