Mirantis OpenStack

Keystone generates IDs for users and groups with LDAP backend

Bug #1522559 reported by Andrey Grebennikov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Won't Fix
Medium
Boris Bobrov
Mirantis OpenStack 8.0
9.x
Won't Fix
Medium
Boris Bobrov
Mirantis OpenStack 9.0

Bug Description

MOS 7.0

"Use LDAP for authentication" applied.

External LDAP server is used as the Identity backend (in an additional domain).

the part of the domain config:
----------------------------
[ldap]
...
user_name_attribute=uid
...
user_id_attribute=uid
...
group_name_attribute = cn
group_member_attribute = memberUid

[identity]
driver = keystone.identity.backends.ldap.Identity
------------------------
At the same time, when doing "openstack group list" or "openstack user list/show" commands, it is showing the users and groups with generated ID, instead of pulling them from the backend based on mapping.

openstack --os-identity-api-version=3 --os-url='http://192.168.0.2:35357/v3/' --os-token='CUhnMJTr' group list --domain newdomain
+------------------------------------------------------------------+---------------------+
| ID | Name |
+------------------------------------------------------------------+---------------------+
| 309217c8ab3f0893330319feba3b4da171422dc129352d33f232e1c29a89c4b1 | group-tenant10 |
| cc53470be5ca51d07d9cb1fe980fdf68915e02c255a932a9531f04c96c7817bd | group-tenant11 |

openstack --os-identity-api-version=3 --os-url='http://192.168.0.2:35357/v3/' --os-token='CUhnMJTr' user list --domain newdomain
+------------------------------------------------------------------+-------------+
| ID | Name |
+------------------------------------------------------------------+-------------+
| 956948966e0a6765a143c198b092e712a3a3466d2439fcbb8b59a79117c69e5b | glance_sys |
| 8cc07743da517644ff2d8b389e0e19fc4b8596fd239b799df367d5bd9714825d | neutron_sys |
| ada798d0ad98246578e4c7824bb8e7f76411601ec559522633a7a23bb769791d | cinder_sys |
| 487d233091011dedabf23656a1c428e0a499df781fb92cc890177532de7ff354 | swift_sys |
+------------------------------------------------------------------+-------------+
+------------------------------------------------------------------+---------------------+

Boris Bobrov (bbobrov)
Changed in mos:
assignee: nobody → Boris Bobrov (bbobrov)
Roman Podoliaka (rpodolyaka)
Changed in mos:
importance: Undecided → Medium
milestone: none → 8.0
status: New → Confirmed
Revision history for this message
Boris Bobrov (bbobrov) wrote :

Won't fix for 8.0 because of SCF

Changed in mos:
status: Confirmed → Won't Fix
Revision history for this message
Boris Bobrov (bbobrov) wrote :

This is by design. Please see docs for id_mapping_api.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.