Do not create Domains entry in the LDAP

Bug #1194204 reported by Sahdev Zala on 2013-06-24
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Sahdev Zala
Brad Topol

Bug Description

We are creating Domains entry in the devstack and while testing for live LDAP. This can be confusing and not needed since we do not support multiple domains in LDAP.

What we creating right now is,

dn: ou=Domains,dc=openstack,dc=org
objectClass: organizationalUnit
ou: Domains

Sahdev Zala (spzala) on 2013-06-24
summary: - Do not create D
+ Do not create Domains entry in the LDAP
Changed in keystone:
assignee: nobody → Sahdev Zala (spzala)
Brad Topol (btopol) on 2013-06-24
Changed in devstack:
assignee: nobody → Brad Topol (btopol)
Sahdev Zala (spzala) wrote :

Brad, thanks for correcting - it's "we do not support multiple domains in LDAP" (not "multiple LDAP" as I mentioned in the description.. a typing error)

Fix proposed to branch: master

Changed in devstack:
status: New → In Progress
Dolph Mathews (dolph) wrote :

Is there any work to track on the keystone side, or is this limited to devstack?

description: updated
Changed in keystone:
status: New → Incomplete
Sahdev Zala (spzala) wrote :

Hi Dolph, keystone work is needed as well and I will be doing it under this bug. Sorry, seems like I didn't provide enough information to understand the needed work. For Keystone,
1. we are creating "Domains" with live ldap test which is unnecessary and needs to be removed. This includes cleaning up python code for live ldap and config file we use for ldap testing. The TLS config file also has unwanted domains data that needs to be cleaned up as well.
2. we have quite a bit configuration data related to multiple domains (under which is unwanted now and needs to be cleaned up.

Hope makes sense. Thanks!

Submitter: Jenkins
Branch: master

commit 6e88f8e14f5e7f15e37ceebf0f588483ad4bb82b
Author: Brad Topol <email address hidden>
Date: Wed Jun 26 10:26:33 2013 -0500

    Remove creation of Domain entries in LDAP

    Domain entries are no longer stored in keystone ldap.
    Removing the creation from devstack ldap install

    Fixes Bug 1194204

    Change-Id: I9c93d3021cc2bb058d1ef57bebcf3a13dc5bdd34

Changed in devstack:
status: In Progress → Fix Released

Fix proposed to branch: master

Changed in keystone:
status: Incomplete → In Progress
Dolph Mathews (dolph) on 2013-07-08
Changed in keystone:
importance: Undecided → Medium

Submitter: Jenkins
Branch: master

commit 83be2d7a8151940516a59b8e962bf124c6744788
Author: Sahdev Zala <email address hidden>
Date: Mon Jul 8 09:51:06 2013 -0500

    Do not create LDAP Domains sub tree

    Since we do not support multiple domains in LDAP, creating Domains sub tree is
    unnecessary and confusing.

    Fixes Bug1194204

    Change-Id: Ie340fe00bd57675afda58318d858ad2089a17a29

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-07-17
Changed in keystone:
milestone: none → havana-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-2 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers