Keystone LDAP bug: _dn_to_id() always returns left-most RDN
-----------------------------------------------------------

In other words, _dn_to_id() won't work if user_id_attribute or group_id_attribute is changed from the default of 'cn' to another attribute that is not the left-most RDN of the entry's DN.

Bug: https://bugs.launchpad.net/keystone/+bug/1782922

Note: testing here is deployed with the OpenStack charms, in particular with the keystone-ldap functional tests.

Testing steps:

* Updated ldap-test-fixture to add a groupOfNames group for expanded testing:
  https://github.com/coreycb/charm-ldap-test-fixture

* Run 'tox -e func-smoke' from the keystone-ldap charm (make sure src/tests/basic_deployment.py is updated to point to the local path of the modified ldap-test-fixture).

* juju ssh keystone/0

* vi /etc/keystone/domains/keystone.userdomain.conf

  # Add the following to the [ldap] section.
  #
  # Upstream release note for more context:
  # Fixed the problem where Keystone indiscriminately returned the first RDN
  # as the user ID, regardless of whether it matches the configured
  # 'user_id_attribute' or not. This will break deployments where
  # 'group_members_are_ids' is set to False and 'user_id_attribute' is not
  # in the DN. This patch will perform a lookup by DN if the first RDN does
  # not match the configured 'user_id_attribute'.

  ###### Test scenario 1 (exercises else path in _dn_to_id) ######
  # Prior to the bug 1782922 fix, 'openstack user list --group cloud --domain userdomain'
  # returns nothing.
  # After the bug 1782922 fix, 'openstack user list --group cloud --domain userdomain'
  # returns users. _dn_to_id() takes the new else path, where the 'ID' attribute is not in
  # the DN, and an LDAP search is performed to look it up from the user entry itself.

  group_id_attribute = businessCategory
  group_name_attribute = businessCategory
  group_member_attribute = member
  group_members_are_ids = False
  group_objectclass = groupOfNames
  group_tree_dn = ou=groups,dc=test,dc=com
  user_id_attribute = uidNumber
  user_objectclass = inetOrgPerson
  user_tree_dn = ou=users,dc=test,dc=com

  ###### Test scenario 2 (exercises if path in _dn_to_id) ######
  # Configuration is the same as above except user_id_attribute is not specified
  # (so it falls back to the default 'cn', which is the left-most RDN).

* Restart services on keystone; this can be done with 'juju config keystone debug=true'.

* Set up env vars for the CLI:

  source ~/openstack-charm-testing/novarcv3_project

* The following commands should be successful:

  openstack user list --domain userdomain
  openstack group list --domain userdomain
  openstack user list --group cloud --domain userdomain

With old code:

$ openstack user list --domain userdomain
+------------------------------------------------------------------+----------+
| ID                                                               | Name     |
+------------------------------------------------------------------+----------+
| db10b66603b13c73faeb1427b15dbbdd5869d218de2c8472aaed7e8e1a62d388 | Jane Doe |
| 217b91d58e3492ea290f030f64212d05f5ecb82e4f22b5b2473e53a6ca5602d3 | John Doe |
+------------------------------------------------------------------+----------+

$ openstack group list --domain userdomain
+------------------------------------------------------------------+-------+
| ID                                                               | Name  |
+------------------------------------------------------------------+-------+
| 4f37530b407ed0881ce014db5cd7ce5e0aa2d320594c094817f0168dc322bf50 | cloud |
+------------------------------------------------------------------+-------+

$ openstack user list --group cloud --domain userdomain
$

With fixed code:

$ openstack user list --domain userdomain
+------------------------------------------------------------------+----------+
| ID                                                               | Name     |
+------------------------------------------------------------------+----------+
| db10b66603b13c73faeb1427b15dbbdd5869d218de2c8472aaed7e8e1a62d388 | Jane Doe |
| 217b91d58e3492ea290f030f64212d05f5ecb82e4f22b5b2473e53a6ca5602d3 | John Doe |
+------------------------------------------------------------------+----------+

$ openstack group list --domain userdomain
+------------------------------------------------------------------+-------+
| ID                                                               | Name  |
+------------------------------------------------------------------+-------+
| 4f37530b407ed0881ce014db5cd7ce5e0aa2d320594c094817f0168dc322bf50 | cloud |
+------------------------------------------------------------------+-------+

$ openstack user list --group cloud --domain userdomain
+------------------------------------------------------------------+----------+
| ID                                                               | Name     |
+------------------------------------------------------------------+----------+
| 217b91d58e3492ea290f030f64212d05f5ecb82e4f22b5b2473e53a6ca5602d3 | John Doe |
| db10b66603b13c73faeb1427b15dbbdd5869d218de2c8472aaed7e8e1a62d388 | Jane Doe |
+------------------------------------------------------------------+----------+
$
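To make the two scenarios above concrete, here is an added illustration (not Keystone's own code) of the pre-fix and post-fix _dn_to_id() behaviour described in the release note, run against a small in-memory directory that stands in for the ldap-test-fixture. The directory entries, uidNumber values, the simplified DN parser and the helper names (parse_dn, lookup_by_dn, dn_to_id_buggy, dn_to_id_fixed, find_user_by_id, group_members) are all constructed for this example; Keystone's hashed public IDs from its ID-mapping layer, shown in the CLI output, are not modelled.

```python
import re

# Constructed sample directory (DN -> attributes) mirroring the test fixture
# layout: users under ou=users, a groupOfNames group under ou=groups whose
# 'member' values are full DNs (group_members_are_ids = False).
DIRECTORY = {
    "cn=John Doe,ou=users,dc=test,dc=com": {
        "cn": ["John Doe"], "uidNumber": ["1001"], "objectClass": ["inetOrgPerson"]},
    "cn=Jane Doe,ou=users,dc=test,dc=com": {
        "cn": ["Jane Doe"], "uidNumber": ["1002"], "objectClass": ["inetOrgPerson"]},
    "cn=cloud,ou=groups,dc=test,dc=com": {
        "cn": ["cloud"], "businessCategory": ["cloud"], "objectClass": ["groupOfNames"],
        "member": ["cn=John Doe,ou=users,dc=test,dc=com",
                   "cn=Jane Doe,ou=users,dc=test,dc=com"]},
}

USER_TREE_DN = "ou=users,dc=test,dc=com"

# Split a DN on commas that are not backslash-escaped. Simplified parser:
# it does not handle multi-valued RDNs ('cn=a+sn=b').
_RDN_SPLIT = re.compile(r"(?<!\\),")


def parse_dn(dn):
    """Return [(attribute, value), ...] from left-most RDN to the base."""
    rdns = []
    for rdn in _RDN_SPLIT.split(dn):
        attr, _, value = rdn.strip().partition("=")
        rdns.append((attr.strip(), value.replace("\\,", ",")))
    return rdns


def lookup_by_dn(dn, attr):
    """Stand-in for the base-scope LDAP search of one entry for one attribute."""
    entry = DIRECTORY.get(dn)
    if entry is None or attr not in entry:
        return None
    return entry[attr][0]


def dn_to_id_buggy(dn, id_attr):
    """Pre-fix behaviour: the left-most RDN value, whatever its attribute is."""
    return parse_dn(dn)[0][1]


def dn_to_id_fixed(dn, id_attr):
    """Post-fix behaviour per the release note: use the left-most RDN only when
    its attribute is the configured ID attribute, else look the entry up."""
    attr, value = parse_dn(dn)[0]
    if attr.lower() == id_attr.lower():
        return value                       # 'if' path (scenario 2, cn)
    return lookup_by_dn(dn, id_attr)       # 'else' path (scenario 1, uidNumber)


def find_user_by_id(user_id_attr, user_id):
    """Stand-in for Keystone's user search with filter (user_id_attr=user_id)."""
    for dn, entry in DIRECTORY.items():
        if dn.endswith(USER_TREE_DN) and user_id in entry.get(user_id_attr, []):
            return dn
    return None


def group_members(group_dn, user_id_attr, dn_to_id):
    """Resolve the group's member DNs to user IDs the way a 'user list --group'
    would: each DN is turned into an ID, then that ID must match a real user.
    With the buggy dn_to_id and user_id_attribute = uidNumber the ID is the cn
    value, no user has uidNumber=<cn>, and every member is silently dropped."""
    found = []
    for member_dn in DIRECTORY[group_dn].get("member", []):
        member_id = dn_to_id(member_dn, user_id_attr)
        if member_id is not None and find_user_by_id(user_id_attr, member_id):
            found.append(member_id)
    return found


if __name__ == "__main__":
    group = "cn=cloud,ou=groups,dc=test,dc=com"
    print("scenario 1, old code:  ", group_members(group, "uidNumber", dn_to_id_buggy))
    print("scenario 1, fixed code:", group_members(group, "uidNumber", dn_to_id_fixed))
    print("scenario 2, old code:  ", group_members(group, "cn", dn_to_id_buggy))
    print("scenario 2, fixed code:", group_members(group, "cn", dn_to_id_fixed))
```

Running it reproduces the table above in miniature: with user_id_attribute = uidNumber the old code yields an empty member list (the empty 'openstack user list --group cloud' output), the fixed code yields both users; with the default cn both versions agree, which is why scenario 2 is the regression check for the 'if' path.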