Comment 3 for bug 1762587

The current version of keystone that I have installed is: 13.0.0 Queens and the keystone-ldap charm version is # 8 I have successfully listed my user id from my corporate directory without the ldap-user and ldap-password setting in my /etc/keystone/keystone.domain_ldap.conf file so I am confident that the current version of keystone does support this function.

My request would be more of an enhancement to the keystone-ldap charm to have the ability to select anonymous bind option where the user / password information would not be put into the conf file. As I said, I put dummy values in my configuration in order to satisfy the charms request that there was incomplete data when I did not enter username/password credentials using juju config keystone-ldap from the command line. The command line did not complain about missing values, but when I look at the juju gui the keystone-ldap charm was blocked.