I think this can be handled with current code. If the config value
CONF.ldap.query_scope = one
which is the default, we generate a DN in order to speed up the querying. However, if the option is set
CONF.ldap.query_scope = sub
Keystone will search on the ID attribute directly.
Try setting in the config file:
[ldap] query_scope = sub
I think this can be handled with current code. If the config value
CONF.ldap. query_scope = one
which is the default, we generate a DN in order to speed up the querying. However, if the option is set
CONF.ldap. query_scope = sub
Keystone will search on the ID attribute directly.
Try setting in the config file:
[ldap]
query_scope = sub