[Yahoo-eng-team] [Bug 1526462] Re: Need support for OpenDirectory in LDAP driver
Reviewed:  https://review.openstack.org/291497
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=5fa308439ffa3161652718fda4e0607ff0e25126
Submitter: Jenkins
Branch:    master

commit 5fa308439ffa3161652718fda4e0607ff0e25126
Author: Andrey
Date:   Thu Mar 10 16:04:04 2016 -0800

    Fixed user in group participance

    When a group has an assignment instead of user, Keystone should use
    proper attribute while searching in groups DN in LDAP.
    Originally DN is hardcoded.

    Change-Id: I57bf78fffbd5df0458f3c633108a625a93ed33a6
    Closes-bug: #1526462

** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1526462

Title:
  Need support for OpenDirectory in LDAP driver

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  It is necessary to support Apple OpenDirectory as the backend for
  Keystone Identity.
  OpenDirectory uses a concept of POSIX groups, when the entities of
  users in the groups are represented as UIDs, not full DNs:

    dn: cn=group1, cn=groups,dc=domain,dc=com
    memberUid: user1
    memberUid: user2

  while in the driver of LDAP it is hardcoded that the entities could
  be only full DNs, like:

    dn: cn=group1, cn=groups,dc=domain,dc=com
    memberUid: uid=user1,cn=users,dc=domain,dc=com
    memberUid: uid=user2,cn=users,dc=domain,dc=com

  Because of this reason it is impossible to use groups in Keystone and
  we cannot assign the roles to the Keystone groups - Keystone doesn't
  recognize any user to be a part of any group. When it checks the
  roles, it searches for the direct user's assignments, and then for
  any groups which the user can be a member of. So by default the
  search returns nothing.

  We have to have an additional parameter in the config where we
  specify the type of the entity in the groups - whether it is
  currently a dn or an id.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1526462/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

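The group lookup described in the bug report above, as an added example that is not part of the original thread and is not Keystone's code: it shows why matching the user's full DN against POSIX-style `memberUid` values finds no groups, while matching the bare ID does. The helper names, the `members_are_ids` switch and the in-memory `GROUPS` data are assumptions, constructed from the report's LDIF sample.

```python
# Added illustration; helper names and GROUPS are constructed, not Keystone code.
GROUPS = {  # POSIX-style groups, as in the report's first LDIF sample
    'cn=group1,cn=groups,dc=domain,dc=com': {'memberUid': ['user1', 'user2']},
    'cn=group2,cn=groups,dc=domain,dc=com': {'memberUid': ['user2']},
}
USER_ID = 'user1'
USER_DN = 'uid=user1,cn=users,dc=domain,dc=com'


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a user ID cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def member_value(user_dn, user_id, members_are_ids):
    """Pick what is compared against the member attribute: bare ID or full DN."""
    return user_id if members_are_ids else user_dn


def membership_filter(user_dn, user_id, member_attr, members_are_ids):
    """Filter an LDAP client would send to list the user's groups."""
    value = escape_filter_value(member_value(user_dn, user_id, members_are_ids))
    return '(&(objectClass=posixGroup)(%s=%s))' % (member_attr, value)


def groups_for_user(groups, user_dn, user_id, member_attr, members_are_ids):
    """Apply the same equality test to in-memory entries (no server needed)."""
    wanted = member_value(user_dn, user_id, members_are_ids)
    return sorted(dn for dn, attrs in groups.items()
                  if wanted in attrs.get(member_attr, []))


if __name__ == '__main__':
    for as_ids in (False, True):
        print(membership_filter(USER_DN, USER_ID, 'memberUid', as_ids))
        print('  ->', groups_for_user(GROUPS, USER_DN, USER_ID, 'memberUid', as_ids))
```

With DN matching the result is an empty list, so any role granted through a group is never applied to the user; with ID matching, `group1` is returned.
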
[Yahoo-eng-team] [Bug 1526462] Re: Need support for OpenDirectory in LDAP driver
** Changed in: keystone
       Status: Fix Released => In Progress

** Changed in: keystone
     Assignee: Alexander Makarov (amakarov) => Andrey Grebennikov (agrebennikov)

Status in OpenStack Identity (keystone):
  In Progress

[Yahoo-eng-team] [Bug 1526462] Re: Need support for OpenDirectory in LDAP driver
Reviewed:  https://review.openstack.org/258528
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=449f1f2bdee5fe8026239667838cf2ab976806fd
Submitter: Jenkins
Branch:    master

commit 449f1f2bdee5fe8026239667838cf2ab976806fd
Author: Alexander Makarov
Date:   Wed Dec 16 17:11:36 2015 +0300

    Enable support for posixGroups in LDAP

    Support LDAP backends using POSIX groups

    Change-Id: Iaaf022bfdcbd26b3a29c84ff60a033f65a60302b
    Closes-Bug: 1526462

** Changed in: keystone
       Status: In Progress => Fix Released

Status in OpenStack Identity (keystone):
  Fix Released