Comment 4 for bug 1210141

Adam Young (ayoung) wrote : Re: LDAP identity provider fails when using samAccountName

I think this can be handled with current code. If the config value

CONF.ldap.query_scope = one

which is the default, we generate a DN in order to speed up the querying. However, if the option is set

CONF.ldap.query_scope = sub

Keystone will search on the ID attribute directly.

Try setting in the config file:

[ldap]
query_scope = sub
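
The two lookup strategies described in the comment above, modelled over an in-memory directory. This is an added example, not part of the original comment and not Keystone's code. The DN template `<id attribute>=<id>,<tree DN>`, the directory entries and the function names are assumptions constructed for illustration.

```python
# Constructed sample directory (DN -> attributes), Active Directory style:
# the RDN is CN, while the login name lives in sAMAccountName.
DIRECTORY = {
    "CN=John Doe,OU=Users,DC=example,DC=com": {"sAMAccountName": "jdoe"},
    "CN=Ann Lee,OU=Staff,OU=Users,DC=example,DC=com": {"sAMAccountName": "alee"},
}
TREE_DN = "OU=Users,DC=example,DC=com"   # assumed user tree DN
ID_ATTR = "sAMAccountName"               # assumed user ID attribute


def escape_dn_value(value):
    """Escape RFC 4514 special characters so an ID cannot alter the DN."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    return out


def lookup_one(user_id):
    """query_scope = one (modelled): build a DN from the ID and read it."""
    dn = "%s=%s,%s" % (ID_ATTR, escape_dn_value(user_id), TREE_DN)
    known = {d.lower(): d for d in DIRECTORY}
    return known.get(dn.lower())


def lookup_sub(user_id):
    """query_scope = sub (modelled): match the ID attribute under TREE_DN."""
    suffix = "," + TREE_DN.lower()
    hits = [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(suffix)
            and attrs.get(ID_ATTR, "").lower() == user_id.lower()]
    if len(hits) > 1:
        # A subtree search can match several entries; refuse to pick one.
        raise LookupError("ambiguous ID %r: %d entries" % (user_id, len(hits)))
    return hits[0] if hits else None


if __name__ == "__main__":
    for uid in ("jdoe", "alee", "nobody"):
        print(uid, "one ->", lookup_one(uid), "| sub ->", lookup_sub(uid))
```

The generated DN `sAMAccountName=jdoe,OU=Users,DC=example,DC=com` matches no entry because the real entries are named by `CN`, while the attribute search finds them, including the one in a nested OU.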