Public bug reported:
keystone 2014.2.2
using multi domains with one domain in AD ldap
group_filter does not work
user_filer (|(memberof=CN=group1....)(memberof=CN=group2.....))
works as expected, whereas
group_filter (|(CN=group1...)(CN=group2...))
returns no groups in id_mapping table.
openstack group list --domain ldapdomain
(nothing is returned)
so we have to take all the groups in the group_tree_dn
we can have thousands of groups in a directory and we don't want to take
them all. especially if we are binding to a global schema and searching
for openstack users in multiple sites.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1498569
Title:
group_filter not working
Status in Keystone:
New
Bug description:
keystone 2014.2.2
using multi domains with one domain in AD ldap
group_filter does not work
user_filer (|(memberof=CN=group1....)(memberof=CN=group2.....))
works as expected, whereas
group_filter (|(CN=group1...)(CN=group2...))
returns no groups in id_mapping table.
openstack group list --domain ldapdomain
(nothing is returned)
so we have to take all the groups in the group_tree_dn
we can have thousands of groups in a directory and we don't want to
take them all. especially if we are binding to a global schema and
searching for openstack users in multiple sites.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1498569/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
