Allow LDAP lock attributes to be used as enable attributes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-manuals |
Fix Released
|
Medium
|
Unassigned |
Bug Description
https:/
commit 25ec22d281619db
Author: Nathan Kinder <email address hidden>
Date: Wed Jul 2 18:36:40 2014 -0700
Allow LDAP lock attributes to be used as enable attributes
Some LDAP servers support disabling accounts via a boolean "lock"
attribute. For these servers, a value in LDAP of "True" means that
the account is locked, while a value of "False" means the account
is active. When the "user_enabled_mask" and "user_enabled_
options are not in use, Keystone currently expects a boolean
"enabled" attribute where "True" means the account is enabled and
"False" means the account is disabled.
To support LDAP account lock attributes, we need a way to tell
Keystone that the boolean values from LDAP are inverted. This
adds a new "user_enabled_
boolean logic to be inverted in the resource (LDAP), while leaving
the logic as-is in the model (Keystone user object). The existing
default behavior remains as-is.
DocImpact
Change-Id: I2a89d4b98c854e
Closes-bug: #1337029
Changed in openstack-manuals: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
tags: | added: autogenerate-config-docs |
Changed in openstack-manuals: | |
milestone: | none → juno |
Tables have been regenerated