OpenStack Identity (keystone)

Ldap extra_attributes are discarded if not in user model

Bug #1839441 reported by Jose Castro Leon on 2019-08-08

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	In Progress	Undecided	Jose Castro Leon

Bug Description

When configuring the ldap driver, there is the possibility to add extra attributes to the user/group objects, this is configured in ldap by the (user|group)_additional_attribute_mapping.

Although the ldap queries retrieve the information from the attribute specified, when this gets then parsed in _ldap_res_to_model it gets ignored as the user model does not contain these attributes

https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L1358

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-08-08: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/675303

Changed in keystone:
assignee:	nobody → Jose Castro Leon (jose-castro-leon)
status:	New → In Progress

Revision history for this message

Aleksey Myltsev (amyltsev) wrote on 2020-05-21:

Our use case for extra attributes:
We would like to notify users if their project has been affected, for this reason we would like send email on their distribution group. We want add property email for groups and fill in this field with mail attribute from LDAP.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.