Hello,

I have a generic question about the logic now available for LDAP users in 
association with bug 1209440. How do you associate a read-only LDAP user with a 
domain? LDAP users are not entered into the keystone user table so the only way 
I can see to associate a user with a domain is to give them a role for the 
domain so an entry is built for them in the user_domain_metadata table. Am I 
correct or is there something I am missing?

Regards,

Mark

=====================

https://bugs.launchpad.net/keystone/+bug/1209440  

=====================

At keystone/identity/backends/ldap.py:230 we allow mapping domain_id of a user 
based on the attribute specified in conf.ldap.user_domain_id_attribute which 
defaults to 'businessCategory'.
My understanding is that this is no longer required and should no longer be 
allowed and indeed in practice it completely overrides any domain information 
that is provided in the authentication body.

=====================

commit 668ee718127a9983d4838b868efd44ddf661b533
Author: Morgan Fainberg <m...@metacloud.com>
Date: Thu Sep 19 19:53:02 2013 -0700

    Remove ldap identity domain attribute options

    LDAP Identity backend is not domain aware, and therefore does not
    need mappings for the domain attributes for user and group.

    closes-bug: 1209440

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev