OpenStack Identity (keystone)

LDAP implementation incomplete for User Groups

Bug #1092187 reported by Henry Nash on 2012-12-19

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	Sahdev Zala	OpenStack Identity (keystone) 2013.1 "grizzly"

Bug Description

The initial User Groups implementation supports SQL and kvs backends - but only has placeholder for LDAP support. This needs to be completed before the solution can be released as part of Grizzly

Henry Nash (henry-nash) on 2012-12-19

Changed in keystone:
assignee:	nobody → Henry Nash (henry-nash)

OpenStack Infra (hudson-openstack) on 2012-12-27

Changed in keystone:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-01-08: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/18097
Committed: http://github.com/openstack/keystone/commit/4fae928c59beaa558306a5aa3a3aa5c6f4945b70
Submitter: Jenkins
Branch: master

commit 4fae928c59beaa558306a5aa3a3aa5c6f4945b70
Author: Henry Nash <email address hidden>
Date: Thu Dec 13 16:48:13 2012 +0000

Keystone server support for user groups

    This implements the server side of groups of users. This
    set of code provides all the crud functionality for groups as
    well as the corresponding support for role assignments.

blueprint user-groups

The following deficiencies existing with the current version and
will be corrected ahead of the final Grizzly release:

    1) There is only placeholder support for LDAP (Bug #1092187)
    2) Domain role grants are accepted but not yet honored (Bug #1093248)
    3) Token invalidation does not occur with group changes (Bug #1093493)

    This update also fills in missing v3 grant unit testing and v3 grant
    support within the kvs backend. In addition, there is a fix for
    Bug #1092200 (uncaught exception when listing grants)

DocImpact

Change-Id: Ibd1783b04b2d7804eff90312e5ef591dca4d0695

Changed in keystone:
status:	In Progress → Fix Committed

Henry Nash (henry-nash) on 2013-01-08

Changed in keystone:
status:	Fix Committed → In Progress

OpenStack Infra (hudson-openstack) on 2013-02-24

Changed in keystone:
assignee:	Henry Nash (henry-nash) → Sahdev Zala (spzala)

OpenStack Infra (hudson-openstack) on 2013-03-19

Changed in keystone:
assignee:	Sahdev Zala (spzala) → Adam Young (ayoung)

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-03-19:

Note that the patch linked above ( https://review.openstack.org/18097 ) simply references the introduction of this bug, but didn't actually fix it.

Dolph Mathews (dolph) on 2013-03-19

Changed in keystone:
milestone:	none → grizzly-rc1
importance:	Undecided → Medium

OpenStack Infra (hudson-openstack) on 2013-03-19

Changed in keystone:
assignee:	Adam Young (ayoung) → Sahdev Zala (spzala)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-03-19:

Reviewed: https://review.openstack.org/22624
Committed: http://github.com/openstack/keystone/commit/5cb8e1f2e5e12cf7e8c6bce91af53b901f6254a9
Submitter: Jenkins
Branch: master

commit 5cb8e1f2e5e12cf7e8c6bce91af53b901f6254a9
Author: Sahdev Zala <email address hidden>
Date: Thu Feb 21 16:11:12 2013 -0600

Support for LDAP groups (bug #1092187)

Also covers Domain CRUD.

Fixes Bug #1092187

Change-Id: If2266ed382edfedfad3eef450ce58640ca4b4657

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-03-21

Changed in keystone:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-04-04

Changed in keystone:
milestone:	grizzly-rc1 → 2013.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.