LDAP identity still allows setting domain via attribute
Bug #1209440 reported by Jamie Lennox
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Medium | Morgan Fainberg |
Bug Description
At keystone/
My understanding is that this is no longer required and should no longer be allowed and indeed in practice it completely overrides any domain information that is provided in the authentication body.
Changed in keystone:
assignee: nobody → Adam Young (ayoung)
status: New → Confirmed
Changed in keystone:
importance: Undecided → Medium
milestone: none → havana-3
Changed in keystone:
milestone: havana-3 → havana-rc1
Changed in keystone:
status: Confirmed → Incomplete
Changed in keystone:
status: Fix Committed → Fix Released
Changed in keystone:
milestone: havana-rc1 → 2013.2
How does this also relate to user_domain_id_attribute and group_domain_id_attribute? These default to businessCategory and I now have a couple of projects set to the wrong domain (I'm still not sure how this was ever set wrong).
These are supposed to be domain scoped, but if LDAP is limited to the default domain (or one domain), surely these should be ignored and overwritten with the default domain?