Also when solving this, keep in mind that the ec2_user create may not be allowed by Keystone when you are configured with LDAP Identity driver. With this config the following two scenarios will fail:
1) keystone.conf setting for ldap: user_allow_create=False
2) The authenticated user from ldap does not have privilege in LDAP to create other users in ldap.
We are currently blocked by these scenarios. I'm not familiar with how to add use-case requirements into the blueprints and hope this helps to capture some needs for this fix.
Ref: https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample