Public bug reported: keystone 2014.2.2
using multi domains with one domain in AD ldap group_filter does not work user_filer (|(memberof=CN=group1....)(memberof=CN=group2.....)) works as expected, whereas group_filter (|(CN=group1...)(CN=group2...)) returns no groups in id_mapping table. openstack group list --domain ldapdomain (nothing is returned) so we have to take all the groups in the group_tree_dn we can have thousands of groups in a directory and we don't want to take them all. especially if we are binding to a global schema and searching for openstack users in multiple sites. ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1498569 Title: group_filter not working Status in Keystone: New Bug description: keystone 2014.2.2 using multi domains with one domain in AD ldap group_filter does not work user_filer (|(memberof=CN=group1....)(memberof=CN=group2.....)) works as expected, whereas group_filter (|(CN=group1...)(CN=group2...)) returns no groups in id_mapping table. openstack group list --domain ldapdomain (nothing is returned) so we have to take all the groups in the group_tree_dn we can have thousands of groups in a directory and we don't want to take them all. especially if we are binding to a global schema and searching for openstack users in multiple sites. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1498569/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp