Comment 0 for bug 1542417

Rudolf Vriend (rudolf-vriend) wrote :

The LDAP backend supports mapping between LDAP and keystone user attributes via the 'user_<attribute>_name' settings in the ldap driver configuration.

The implementation is incomplete, since there is no support for specifying a 'user_description_attribute' setting.

As long as the LDAP attribute name is 'description', one could specify a 1:1 'user_additional_attribute_mapping = description:description' mapping as a workaround, which would yield the desired result.

In case a users full name is stored in a different attribute (as with many AD backends where the users full name is contained in the 'displayName' attribute) there is no way to specify this mapping and results in users having no description.