OpenStack Identity (keystone)

AD Group nesting user dn list should also use base scope

Bug #1899978 reported by Christopher Brown on 2020-10-15

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	In Progress	Undecided	Christopher Brown

Bug Description

In some AD configurations, the group_dn is also required for nested groups. Without this, some queries are empty or incomplete.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-10-15: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/758428

Changed in keystone:
assignee:	nobody → Christopher Brown (snecklifter)
status:	New → In Progress

Revision history for this message

Matteo Panella (mpanella) wrote on 2023-09-25:

Is the proposed fix abandoned? While the latest patchset is technically correct (the original code was using the wrong LDAP query for nested groups) it's blocked since late 2020 because tests and release notes are missing.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.