Stein: Cannot list users or groups after setting domain context

Using an LDAP domain in bionic-stein, within horizon we are unable to see the users, groups or projects after selecting the LDAP domain as the domain context.

The 'openstack [user|group|project] list --domain <domain name>' commands work and return the expected output. Only the listing via Horizon fails.

This is using keystone 2:15.0.0-0ubuntu1~cloud0 the stein cloud archive on bionic.

We also tried the keystone 2:15.0.0-0ubuntu1.1~ubuntu18.04.1~ppa201907121531 build from James' PPA for the LP bug https://bugs.launchpad.net/charm-keystone-ldap/+bug/1832265. That build allowed us to see the projects listed in the project selection drop-down, but we still cannot list the users, groups or projects after setting the domain context in horizon.

Charm configuration:

  keystone-ldap:
    charm: cs:keystone-ldap
    options:
      ldap-server: ldaps://<ldap host>
      ldap-user: "uid=<user>,ou=<path>,o=<path>,o=<path>"
      ldap-password: <password>
      ldap-suffix: "ou=<path>,o=<path>,o=<path>"
      debug: false
      domain-name: <domain>
      ldap-readonly: true
      use-internal-endpoints: True
      ldap-config-flags: "{
        query_scope: sub,
        user_tree_dn: 'ou=<path>,o=<path>,o=<path>,
        user_filter: '(memberOf=cn=<group>*,cn=<path>,ou=<path>,o=<path>,o=<path>)',
        user_name_attribute: uid,
        user_id_attribute: uid,
        user_objectclass: person,
        user_mail_attribute: mail,
        group_member_are_ids: False,
        group_tree_dn: 'cn=<path>,ou=<path>,o=<path>,o=<path>',
        group_filter: '(cn=<group>*)',
        group_objectclass: groupOfUniqueNames,
        group_id_attribute: cn,
        group_name_attribute: cn,
        group_member_attribute: uniqueMember
      }"

Will upload sanitised logs.