OpenStack Identity (keystone)

Federation IDs hardcode UUIDs instead of configured id_generator

Bug #1794530 reported by Adam Young on 2018-09-26

This bug report is a duplicate of: Bug #1641639: use mapping_id for shadow users. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	In Progress	Low	Adam Young

Bug Description

A Federated user gets an entry in the shadow-users table. This entry has a unique ID. It is generated using a UUID. This mirrors what we do for LDAP, but in the LDAP case, the ID is generated from the domain ID + the local id of the user (an attribute that uniquely ids the user in LDAP). THus, the LDAP code can be changed at config time, but the Federated code can't. It also means that Federated IDs cannot be kept in sync between two keystone servers.

Adam Young (ayoung) on 2018-09-26

Changed in keystone:
importance:	Undecided → Low

OpenStack Infra (hudson-openstack) on 2018-09-26

Changed in keystone:
assignee:	nobody → Adam Young (ayoung)
status:	New → In Progress

Revision history for this message

Adam Young (ayoung) wrote on 2018-09-26:

Dupe of 1641639

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1641639 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.