openstack-manuals

Allow LDAP lock attributes to be used as enable attributes

Bug #1359546 reported by OpenStack Infra
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
Medium
Unassigned
openstack-manuals juno

Bug Description

https://review.openstack.org/104408
commit 25ec22d281619db25556ed1c8271ae3ee5b45914
Author: Nathan Kinder <email address hidden>
Date: Wed Jul 2 18:36:40 2014 -0700

    Allow LDAP lock attributes to be used as enable attributes

    Some LDAP servers support disabling accounts via a boolean "lock"
    attribute. For these servers, a value in LDAP of "True" means that
    the account is locked, while a value of "False" means the account
    is active. When the "user_enabled_mask" and "user_enabled_emulation"
    options are not in use, Keystone currently expects a boolean
    "enabled" attribute where "True" means the account is enabled and
    "False" means the account is disabled.

    To support LDAP account lock attributes, we need a way to tell
    Keystone that the boolean values from LDAP are inverted. This
    adds a new "user_enabled_invert" setting that allows the enabled
    boolean logic to be inverted in the resource (LDAP), while leaving
    the logic as-is in the model (Keystone user object). The existing
    default behavior remains as-is.

    DocImpact
    Change-Id: I2a89d4b98c854e68e1bb10f53b8b29d92f945f60
    Closes-bug: #1337029

Tom Fifield (fifieldt)
Changed in openstack-manuals:
status: New → Confirmed
importance: Undecided → Medium
tags: added: autogenerate-config-docs
Changed in openstack-manuals:
milestone: none → juno
Revision history for this message
Andreas Jaeger (jaegerandi) wrote :

Tables have been regenerated

Changed in openstack-manuals:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.