Jose, is your server set up with Anonymous binding for the manager account? If so, I can see how it will pass through if borth userid and password are left off, but it should get a token for the manager account, which should not be a "real" Open Stack /Keystone account, should have no roles, and should not be an administrator.
"passwordCredentials": {"username": "*USER1*"}}}' Should hit the LDAP authenticate function which does:
Jose, is your server set up with Anonymous binding for the manager account? If so, I can see how it will pass through if borth userid and password are left off, but it should get a token for the manager account, which should not be a "real" Open Stack /Keystone account, should have no roles, and should not be an administrator.
"passwordCreden tials": {"username": "*USER1*"}}}' Should hit the LDAP authenticate function which does:
conn = self.user. get_connection( self.user. _id_to_ dn(user_ id),
password)
https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ identity/ backends/ ldap/core. py#L112
So it should not be passed through Blankly. Thus, it should always do the simple bind.