yahoo-eng-team team mailing list archive

[Steve Martinelli <stevemar@xxxxxxxxxx>]

This is working as designed for keystone. I think this is more of an
openstackclient bug -- openstackclient should support the filters that
are available for user and group list (since it makes LDAP much more
user friendly), these filters are both domain_id and name.

See the keystone v3 API: http://specs.openstack.org/openstack/keystone-
specs/api/v3/identity-api-v3.html#list-groups

openstackclient should have support for something like ... `openstack
group list --domain ldapdomain --name testers`

should return all groups with "testers"

** Also affects: python-openstackclient
   Importance: Undecided
       Status: New

** Changed in: python-openstackclient
       Status: New => Triaged

** Changed in: python-openstackclient
   Importance: Undecided => Medium

** Changed in: keystone
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1498569

Title:
  group_filter not working

Status in OpenStack Identity (keystone):
  Won't Fix
Status in python-openstackclient:
  Triaged

Bug description:
  keystone 2014.2.2

  using multi domains with one domain in AD ldap
  group_filter does not work

  user_filer (|(memberof=CN=group1....)(memberof=CN=group2.....))
  works as expected, whereas 
  group_filter (|(CN=group1...)(CN=group2...))

  returns no groups in id_mapping table.
  openstack group list --domain ldapdomain 
  (nothing is returned)

  so we have to take all the groups in the group_tree_dn

  we can have thousands of groups in a directory and we don't want to
  take them all. especially if we are binding to a global schema and
  searching for openstack users in multiple sites.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1498569/+subscriptions