yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1542417] [NEW] ldap backend lacks support for user_description_attribute mapping

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rudolf Vriend <rudolf.vriend@xxxxxxx>
Date: Fri, 05 Feb 2016 17:17:29 -0000
Reply-to: Bug 1542417 <1542417@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The LDAP backend supports mapping between LDAP and keystone user
attributes via the 'user_<attribute>_name' settings in the ldap driver
configuration.

The implementation is incomplete, since there is no support for
specifying a 'user_description_attribute' setting.

As long as the LDAP attribute name is 'description', one could specify a
1:1 'user_additional_attribute_mapping = description:description'
mapping as a workaround, which would yield the desired result.

In case a users full name is stored in a different attribute (as with
many AD backends where the users full name is contained in the
'displayName' attribute) there is no way to specify this mapping and
results in users having no description.

** Affects: keystone
     Importance: Undecided
     Assignee: Rudolf Vriend (rudolf-vriend)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Rudolf Vriend (rudolf-vriend)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1542417

Title:
  ldap backend lacks support for user_description_attribute mapping

Status in OpenStack Identity (keystone):
  New

Bug description:
  The LDAP backend supports mapping between LDAP and keystone user
  attributes via the 'user_<attribute>_name' settings in the ldap driver
  configuration.

  The implementation is incomplete, since there is no support for
  specifying a 'user_description_attribute' setting.

  As long as the LDAP attribute name is 'description', one could specify
  a 1:1 'user_additional_attribute_mapping = description:description'
  mapping as a workaround, which would yield the desired result.

  In case a users full name is stored in a different attribute (as with
  many AD backends where the users full name is contained in the
  'displayName' attribute) there is no way to specify this mapping and
  results in users having no description.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1542417/+subscriptions

Follow ups

[Bug 1542417] Re: LDAP backend lacks support for user_description_attribute mapping
From: OpenStack Infra, 2016-02-19