LDAP additional attribute mappings description does not specify that they are for creation only
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Invalid | Low | Alexander Makarov | |
Bug Description
Additional attribute mappings can be used to map ldap attributes to internal keystone attributes. This allows keystone to fulfill ldap objectclass requirements. List of additional LDAP attributes used for mapping additional attribute mappings for users (or projects). Attribute mapping format is <ldap_attr>
So far so good. Now, following next steps:
1- Apply this patch https:/
2- Add this parameter to keystone.conf file
tenant_
3- Add 'objectCategory' and 'whenChanged' LDAP parameters to Project model on keystone/
class Project(Model):
    required_keys = ('id', 'name', 'domain_id')
    optional_keys = ('description', 'enabled', 'objectCategory', 'whenChanged')
4- Restart keystone
5- Execute this in command line:
curl -H "X-Auth-
Everything works perfectly! You can see the info of the 'objectCategory' and 'whenChanged' LDAP parameters in the JSON string returned by curl... and it should not (I think) work, because "notexistingfield1" and "notexistingfield2" are not real fields.
I have a mistake in the keystone.conf file and everything is working properly.
tags: added: ldap
Changed in keystone:
importance: Undecided → Low
tags: added: juno-rc-potential
As far as I understand, the aim is:
provide attribute validation for ldap to model attribute mapping
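
A sketch of the validation described in this comment, as an added example that is not keystone code or part of the original report. It assumes each mapping entry has the form `<ldap_attr>:<model_attr>`; the function name `validate_attribute_mapping` and the sample entries are hypothetical, and the key lists are the ones quoted in the report.

```python
class Project:
    # Key lists as quoted in the bug report above.
    required_keys = ('id', 'name', 'domain_id')
    optional_keys = ('description', 'enabled', 'objectCategory', 'whenChanged')


def validate_attribute_mapping(entries, model):
    """Check mapping entries against the attributes a model declares.

    Assumption: each entry is "<ldap_attr>:<model_attr>".
    Returns (accepted, rejected): a dict of ldap_attr -> model_attr and a
    list of (raw_entry, reason) tuples for entries that should fail startup.
    """
    known = set(model.required_keys) | set(model.optional_keys)
    accepted, rejected = {}, []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue  # tolerate trailing commas / blank items
        ldap_attr, sep, model_attr = entry.partition(':')
        ldap_attr, model_attr = ldap_attr.strip(), model_attr.strip()
        if not sep or not ldap_attr or not model_attr:
            rejected.append((raw, 'malformed entry'))
        elif model_attr not in known:
            # The case from the report: a typo here is silently accepted today.
            rejected.append((raw, 'unknown model attribute %r' % model_attr))
        elif ldap_attr in accepted:
            rejected.append((raw, 'duplicate LDAP attribute'))
        else:
            accepted[ldap_attr] = model_attr
    return accepted, rejected


if __name__ == '__main__':
    # Constructed sample using the field names mentioned in the report.
    sample = ['objectCategory:notexistingfield1',
              'whenChanged:notexistingfield2',
              'description:description']
    ok, bad = validate_attribute_mapping(sample, Project)
    print('accepted:', ok)
    for raw, reason in bad:
        print('rejected %s: %s' % (raw, reason))
```

Running a check like this when the configuration is loaded turns a mistyped mapping into a startup error instead of a setting that is silently ignored.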