Comment 2 for bug 1775094

Revision history for this message
Zenko Klapko Jr (devil-in-a-tux) wrote :

A separate documentation note that caught me by surprise was the removal of LDAP write support. It's the second sentence in this paragraph:

https://docs.openstack.org/keystone/pike/admin/identity-integrate-with-ldap.html

To me integration means a symbiotic relationship, whereas LDAP is really being used as a RO data store.

The confusion compounds since LDAP write support did exist in a previous release and the O'Reilly book contains this line:

"These options also include whether Keystone is able write to LDAP or simply read the LDAP data."

There are not many resources available, especially with the advice of not trusting blogs, and books have this authoritative prestige about them, so surely the book must be right... it is not.

After contemplating the matter, I understand enterprise organizations would want write access stripped out, but there are plenty of new organizations that want to onboard enterprise-level numbers of users immediately, through keystone, since it does all of this other stuff, and I'd rather let keystone manage it all anyway. Let me hook up the keystone_attribute_field to the LDAP_attribute_field, and wow this is neat!
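Added example, not part of the comment above or of the keystone documentation it links: a domain-specific keystone LDAP configuration showing how keystone's user and group fields are mapped onto LDAP attributes. The hostname, bind DN, search bases, object classes and CA path are assumptions for a generic OpenLDAP-style directory and must be adjusted to the real one. Because the Pike documentation cited treats LDAP as a read-only backend, the mapping is for lookups only: users and groups are created and maintained in LDAP, and keystone reads them.

```ini
# Assumed path: /etc/keystone/domains/keystone.corp.conf
# (domain-specific config for a keystone domain named "corp";
# requires domain_specific_drivers_enabled = true in the main
# keystone.conf [identity] section). All names below are examples.

[identity]
driver = ldap

[ldap]
# Connection and bind account. Use ldaps:// (or use_tls = true for
# StartTLS) so the bind password never crosses the wire in clear text.
url = ldaps://ldap.example.com
user = cn=keystone,ou=service-accounts,dc=example,dc=com
password = CHANGE_ME
suffix = dc=example,dc=com
query_scope = sub

# Certificate verification for the ldaps:// connection.
use_tls = false
tls_cacertfile = /etc/ssl/certs/corp-ca.pem
tls_req_cert = demand

# User mapping: keystone field (option name) <- LDAP attribute (value).
# user_id_attribute should be an attribute that never changes for a
# given person, because keystone's assignments key off the user id.
user_tree_dn = ou=people,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = uid
user_name_attribute = uid
user_mail_attribute = mail
user_pass_attribute = userPassword

# Only expose a subset of the directory to keystone.
user_filter = (ou=openstack-users)

# Group mapping, so LDAP groups can be used in role assignments.
group_tree_dn = ou=groups,dc=example,dc=com
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = cn
group_member_attribute = member
```

With this in place, `openstack user list --domain corp` should return the directory's users, while `openstack user create --domain corp ...` is expected to be refused, since the LDAP identity backend is read-only in the release the comment discusses.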