keystone charm should expose chase_referrals setting

Bug #1663116 reported by Brad Marshall on 2017-02-09
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Keystone LDAP integration
keystone (Juju Charms Collection)

Bug Description

To assist in making LDAP more usable, the keystone charm should expose the chase_referrals configuration as a juju config setting. This is particularly useful when using Active Directory domains as an authentication source.

This setting can be either a boolean, or unset to use the systems default behaviour.

Brad Marshall (brad-marshall) wrote :

Note our use case for this is for use with multiple ldap domains, I believe there's work to create a subordinate charm in planning for this. I did notice we can use the ldap-config-flags option to do it, but thats only if the identity_backend is set to ldap, which is not the case for us.

James Page (james-page) wrote :

I'm loath to put more feature into the v2 LDAP support directly into the keystone charm as I think its a perfect use case for a domain specific identity driver - as provided by the keystone-ldap charm.

Changed in charm-keystone-ldap:
status: New → Triaged
importance: Undecided → Wishlist
Changed in keystone (Juju Charms Collection):
status: New → Invalid
Brad Marshall (brad-marshall) wrote :

That's fine, at the time I wasn't sure where the LDAP keystone driver was going to be, but if we can use the ldap-config-flags on it as seems to be in the charm-keystone-ldap, that should be sufficient to us. As long as the value gets set for the domains, I'm happy.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers