It seems that most of our clouds use LDAP backends, which also use group_member_are_ids = false, but we do not specify a user_id_attribute.. This then falls back to the default of using the "CN" attribute.
It just so happens that Active directory entities are labeled with cn=$sAMAccountName,$user_tree_dn, and so the default code to assume user_id_attribute is the first field of the DN works in most production cases. Suggest renaming title to "Specifying user_id_attribute that is not the distinguished name's primary key field in LDAP database fails when referencing group members if group_members_are_ids = false" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832766 Title: LDAP group_members_are_ids = false fails in Rocky/Stein To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1832766/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
