Provide config file fields for enable users in LDAP backend

Bug #1067516 reported by Adam Young on 2012-10-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Wishlist
Jose Castro Leon

Bug Description

To fully implement the enabled check in LDAP, the config file needs to say two things:

1. Which attribute indicates that a user is enabled or disabled
2. What value or values for that attribute indicate a user is enabled or disabled.

In addition, disabling a user might require a custom LDAPmodify call.

For some complex setups, checking for disabled users might require a more complex query. If so, we'll cover that in a different ticket.

In Active Directory there is a field that implements that shows the status the account as well as much more data.
In this case if userAccountControl user attribute equals 2, then the account is disabled.

The only issue is that the user may not be allowed to do a simple_bind if the account is disabled.

http://support.microsoft.com/kb/305144/en

Joseph Heck (heckj) on 2012-10-20
Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
Changed in keystone:
assignee: nobody → Jose Castro Leon (jose-castro-leon)

Fix proposed to branch: master
Review: https://review.openstack.org/14964

Changed in keystone:
status: Triaged → In Progress
tags: added: blueprint ldap-ad
Changed in keystone:
assignee: Jose Castro Leon (jose-castro-leon) → Dolph Mathews (dolph)
Dolph Mathews (dolph) on 2012-11-13
Changed in keystone:
assignee: Dolph Mathews (dolph) → Jose Castro Leon (jose-castro-leon)

Reviewed: https://review.openstack.org/14964
Committed: http://github.com/openstack/keystone/commit/001f708e7d9ffc69c80f823e7ab5f79325cc8a40
Submitter: Jenkins
Branch: master

commit 001f708e7d9ffc69c80f823e7ab5f79325cc8a40
Author: Jose Castro Leon <email address hidden>
Date: Mon Oct 29 15:07:58 2012 +0100

    Provide config file fields for enable users in LDAP backend (bug1067516)

    DocImpact

    Change-Id: I1ee9a1e2505cdd8c9ee8acba5c0e89a4f25c7262

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2012-11-22
Changed in keystone:
milestone: none → grizzly-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-04-04
Changed in keystone:
milestone: grizzly-1 → 2013.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers