yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #73074
[Bug 1671196] Re: user list for LDAP group does not contain all members
[Expired for OpenStack Identity (keystone) because there has been no
activity for 60 days.]
** Changed in: keystone
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1671196
Title:
user list for LDAP group does not contain all members
Status in OpenStack Identity (keystone):
Expired
Bug description:
When running `openstack user list --domain mydomain --group mygroup`
All users in the LDAP group are not returned. Examples below - but it
seems that when the distinguishedName does not match the
userid/SAMAccount property - the entry is not displayed.
Example of a user ID that is NOT displayed, but authentication works fine:
LDAP group "groupname":
```
distinguishedName
-----------------
CN=LASTNAME\, FIRSTNAME,OU=Users,OU=HQ,DC=subdomain,DC=domain,DC=com
```
OpenStack user query:
~# openstack user list --domain domain --group groupname
```
result: returns no user ID/Name
Example of a user ID that is CORRECTLY displayed, and authentication works:
LDAP group "groupname":
```
distinguishedName
-----------------
CN=userid,OU=Users,OU=HQ,DC=subdomain,DC=domain,DC=com
```
OpenStack user query:
~# openstack user list --domain domain --group groupname
```
result: returns ID and Name correctly
```
+------------------------------------------------------------------+------------+
| ID | Name |
+------------------------------------------------------------------+------------+
| 76665c0ff7d4b75a173780ce744f3b86ca97358f23e8d928c4eb25b84c99926a | userid |
```
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1671196/+subscriptions
References
