Provide config file fields for enabled users in LDAP backend
Bug #1067516 reported by Adam Young
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | Wishlist | Jose Castro Leon | |
Bug Description
To fully implement the enabled check in LDAP, the config file needs to say two things:
1. Which attribute indicates that a user is enabled or disabled
2. What value or values for that attribute indicate a user is enabled or disabled.
In addition, disabling a user might require a custom LDAPmodify call.
For some complex setups, checking for disabled users might require a more complex query. If so, we'll cover that in a different ticket.
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
Changed in keystone: | |
assignee: | nobody → Jose Castro Leon (jose-castro-leon) |
tags: | added: blueprint ldap-ad |
Changed in keystone: | |
assignee: | Jose Castro Leon (jose-castro-leon) → Dolph Mathews (dolph) |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → Jose Castro Leon (jose-castro-leon) |
Changed in keystone: | |
milestone: | none → grizzly-1 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | grizzly-1 → 2013.1 |
In Active Directory there is a field that implements that and shows the status of the account as well as much more data.
In this case, if the userAccountControl user attribute equals 2, then the account is disabled.
The only issue is that the user may not be allowed to do a simple_bind if the account is disabled.
http://support.microsoft.com/kb/305144/en
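The following is an added example, not keystone's code and not part of the report or comment above. It shows one way a backend could drive the enabled check from the two config values the description asks for, and compute the value for the modify call. It also covers the bit-field case: userAccountControl is an integer of flags in which ACCOUNTDISABLE is the 0x2 bit, so a disabled normal account typically reads 514 and a mask test is used. `EnabledConfig`, its field names and both functions are hypothetical, and the sample entries are constructed.

```python
from dataclasses import dataclass

# Hypothetical config model for this example; these are not keystone's option names.
@dataclass(frozen=True)
class EnabledConfig:
    attribute: str                      # 1. which attribute carries the status
    disabled_mask: int = 0              # 2a. non-zero: integer bit field, these bits mean "disabled"
    enabled_values: frozenset = frozenset({"TRUE"})  # 2b. used when disabled_mask == 0
    default_enabled: bool = False       # attribute absent: fail closed


def _first_value(entry, attribute):
    """LDAP attribute names are case-insensitive; values arrive as lists of str/bytes."""
    for name, values in entry.items():
        if name.lower() == attribute.lower() and values:
            raw = values[0]
            return raw.decode() if isinstance(raw, bytes) else raw
    return None


def is_enabled(entry, cfg):
    raw = _first_value(entry, cfg.attribute)
    if raw is None:
        return cfg.default_enabled
    if cfg.disabled_mask:
        try:
            flags = int(raw)
        except ValueError:
            return False                # unparseable status is treated as disabled
        return (flags & cfg.disabled_mask) == 0
    return raw.strip().upper() in cfg.enabled_values


def value_to_disable(entry, cfg):
    """Value an LDAP modify would write to disable the user, keeping other flag bits."""
    if cfg.disabled_mask:
        current = int(_first_value(entry, cfg.attribute) or 0)
        return str(current | cfg.disabled_mask)
    return "FALSE"


# Constructed sample entries (not from the bug report).
AD = EnabledConfig(attribute="userAccountControl", disabled_mask=0x2)
SAMPLES = {
    "alice": {"userAccountControl": [b"512"]},    # normal account
    "bob": {"userAccountControl": [b"514"]},      # normal account + disabled bit
    "carol": {"useraccountcontrol": ["66050"]},   # disabled bit among other flags
    "dave": {"cn": ["dave"]},                     # attribute missing
}
```

A plain equality test against "2" would report `bob` and `carol` as enabled, which is why the mask is part of the configuration here.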