Comment 7 for bug 1210175

The problem was that the user_enabled_default is a string (defined in keystone.common.config), but then the code was using it like an int (with a bitwise-and operator).

Also, the unit tests weren't actually testing the user_enabled_mask case; the didn't reload the backend so was running with the default config. In addition, the test for user_enabled_mask set user_enabled_default to an int and not a string as it would be if it was read from the config file.

Then for some reason when running with

[ldap]
user_enabled_attribute = employeeType
user_enabled_mask = 2
user_enabled_default = 512

the response from OpenLdap wouldn't include the enabled. I didn't really figure this out but it was easy to recreate. I couldn't figure out a way to test it cleanly because the test is loading the data twice with different configs.