"proper" configuration of LDAP isn't going to happen, so fixing this isn't prolonging that...
Similarly, documenting a way to address this on the LDAP side will do nothing. That's not going to happen either.
The only place this can be fixed is in keystone. And I don't see why it would be a contradiction to filter users that don't have fields we require... that just seems right to me.
"proper" configuration of LDAP isn't going to happen, so fixing this isn't prolonging that...
Similarly, documenting a way to address this on the LDAP side will do nothing. That's not going to happen either.
The only place this can be fixed is in keystone. And I don't see why it would be a contradiction to filter users that don't have fields we require... that just seems right to me.