Federation IDs hardcode UUIDs instead of configured id_generator
Bug #1794530 reported by Adam Young
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | In Progress | Low | Adam Young |
Bug Description
A Federated user gets an entry in the shadow-users table. This entry has a unique ID. It is generated using a UUID. This mirrors what we do for LDAP, but in the LDAP case, the ID is generated from the domain ID + the local id of the user (an attribute that uniquely ids the user in LDAP). Thus, the LDAP code can be changed at config time, but the Federated code can't. It also means that Federated IDs cannot be kept in sync between two keystone servers.
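The difference described in the report, as an added example that is not part of the original report and is not keystone code: two independent servers shadow the same federated user, once with a random UUID generator and once with a deterministic hash over the domain ID and local ID. The function names, the `ShadowUsers` class and the sample domain and user values are hypothetical and constructed for illustration.

```python
import hashlib
import uuid


def uuid_public_id(mapping):
    """Random ID: ignores the mapping, so every call yields a new value."""
    return uuid.uuid4().hex


def sha256_public_id(mapping):
    """Deterministic ID: hash of the mapping values, taken in sorted key order."""
    digest = hashlib.sha256()
    for key in sorted(mapping):
        digest.update(mapping[key].encode("utf-8"))
    return digest.hexdigest()


class ShadowUsers:
    """Stand-in for one server's shadow-users table (hypothetical, in memory)."""

    def __init__(self, id_generator):
        self.id_generator = id_generator
        self.rows = {}  # (domain_id, local_id) -> public user ID

    def shadow(self, domain_id, local_id):
        key = (domain_id, local_id)
        if key not in self.rows:
            mapping = {
                "domain_id": domain_id,
                "local_id": local_id,
                "entity_type": "user",
            }
            self.rows[key] = self.id_generator(mapping)
        return self.rows[key]


def ids_in_sync(id_generator, domain_id="constructed-domain",
                local_id="alice@idp.example"):
    """Shadow the same federated user on two servers and compare the IDs."""
    server_a = ShadowUsers(id_generator)
    server_b = ShadowUsers(id_generator)
    return server_a.shadow(domain_id, local_id) == server_b.shadow(domain_id, local_id)


if __name__ == "__main__":
    print("uuid generator in sync:  ", ids_in_sync(uuid_public_id))
    print("sha256 generator in sync:", ids_in_sync(sha256_public_id))
```

With the random generator, anything keyed on the user ID on one server does not resolve to the same user on the other; with the deterministic generator both servers derive the same ID without exchanging state.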
Changed in keystone:
importance: Undecided → Low
Changed in keystone:
assignee: nobody → Adam Young (ayoung)
status: New → In Progress
Dupe of 1641639