Comment 6 for bug 1555629

From my verification, both all users and all groups are not supported if domain-specific config. is enabled, as expected in the doc. both returns 401 "Unauthorized". Those calls will need either a domain filter to be specified or usage of a domain scoped token.
I think it make sense to limit both users and groups, because it may exceed the ldap server list limit easily and returns 500 errors

Listing of the rest resource data (such as projects/domians/roles/etc.) are supported if a admin-token is provided even the domain -specific config enabled.

$ curl -k -H "X-Auth-Token:ADMIN" http://localhost:35357/v3/users
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

$ curl -k -H "X-Auth-Token:ADMIN" http://localhost:35357/v3/groups
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}