settingsLogin | Registersettings

[openstack-dev] [keystone] LDAP user_id_attribute does not affect groups

0 votes

Hello OpenStack-dev,

I am running Keystone in a virtual environment with LDAP backend.
When useridattribute is set to sn (and the LDAP directory is
configured accordingly),
openstack user list --domain default --group test-group results in
Group memberuseridfor groupf44a7fbb9e174ba5823474c759d43643not found in the directory. The user should be removed from the group. The user will be ignored.
for a groupOfNames that has userid as a member.

However, openstack user list works OK and lists all user names and ids.


It seems that the problem is here:

cn is used as the id attribute regardless of configuration in

LDAP directory:

Any ideas? This smells of a bug.

Boris Kudryavtsev

OpenStack Development Mailing List (not for usage questions)
asked May 17, 2017 in openstack-dev by Boris_Kudryavtsev (120 points)