Comment 3 for bug 1947884

@billy yes I tried it, but nothing worked since the users in the trusted forest are listed as foreignsecurityprincipal object in Active directory and they cannot be treated as normal persons and neither listed with keystone. So no, I don't think that this is something that we can support. Users are listed with urls similar to that: LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com"