Basically the issue is that the user_id_attribute setting / option is not getting honored for anything.
After talking to Adam this piece https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L261-L263 needs some change in order for this to work correctly. Currently this being broken breaks all standard AD use-cases where 'sAMAccountName' is the attribute for the login name instead of 'cn' as in a unux / linux ldap. ** Changed in: keystone Status: Invalid => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1231488 Title: ldap config "user_id_attribute" is ignored Status in OpenStack Identity (Keystone): New Status in Python client library for Keystone: New Bug description: I can sucessfully configure keystone LDAP settings and keystone user- list works fine. Shows to me id, name, enabled and email correctly. But when I do a "keystone user-get foo" the message shows: No user with a name or ID of 'foo' exists. The configuration file for user and ldap options are: ---- [ldap] url = ldap://ldap.my.company.com suffix = dc=my,dc=company,dc=com objectClass = posixAccount user_tree_dn = ou=people,dc=my,dc=company,dc=com user_objectclass = posixAccount user_unit = "People" user_id_attribute = uid user_name_attribute = cn user_mail_attribute = mail user_pass_attribute = userPassword user_enabled_attribute = uidNumber user_enabled_mask = 255 user_enabled_default = True user_attribute_ignore = tenantId,tenants user_allow_create = False user_allow_update = False user_allow_delete = False ---- I dont use Active Directory, so cn (the default user_id_attribute) is the full user name and not a login. In my base login is uid. If I do a keystone user-get "Full Name of Foo" works fine. But sorry if is a mistake of me, but IMHO, should works with user_id_attribute configured in config file. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1231488/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
