group_filter not working
Bug #1498569 reported by
Robert Duncan
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Won't Fix
|
Medium
|
Unassigned | ||
| python-openstackclient |
Won't Fix
|
Medium
|
Unassigned | ||
Bug Description
keystone 2014.2.2
using multi domains with one domain in AD ldap
group_filter does not work
user_filer (|(memberof=
works as expected, whereas
group_filter (|(CN=group1.
returns no groups in id_mapping table.
openstack group list --domain ldapdomain
(nothing is returned)
so we have to take all the groups in the group_tree_dn
we can have thousands of groups in a directory and we don't want to take them all. especially if we are binding to a global schema and searching for openstack users in multiple sites.
| tags: | added: ldap |
| Changed in keystone: | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
Revision history for this message
| Steve Martinelli (stevemar) wrote | #1 |
| Changed in python-openstackclient: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| Changed in keystone: | |
| status: | Triaged → Won't Fix |
| Changed in python-openstackclient: | |
| assignee: | nobody → Mohan (mmuppidi) |
| Changed in python-openstackclient: | |
| assignee: | Mohan (mmuppidi) → nobody |
| Changed in python-openstackclient: | |
| assignee: | nobody → Mohan (mmuppidi) |
| Changed in python-openstackclient: | |
| assignee: | Mohan (mmuppidi) → nobody |
| Changed in python-openstackclient: | |
| status: | Triaged → Won't Fix |
To post a comment you must log in.
This is working as designed for keystone. I think this is more of an openstackclient bug -- openstackclient should support the filters that are available for user and group list (since it makes LDAP much more user friendly), these filters are both domain_id and name.
See the keystone v3 API: http://
openstackclient should have support for something like ... `openstack group list --domain ldapdomain --name testers`
should return all groups with "testers"