osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[keystone] [stein] [ops] user_enabled_emulation config problem


Hi RadosÅ?aw,

On Tue, Aug 6, 2019, at 04:13, RadosÅ?aw Piliszek wrote:
> Hello all,
> 
> I investigated the case.
> My issue arises from group_members_are_ids ignored for 
> user_enabled_emulation_use_group_config.
> I reported a bug in keystone: 
> https://bugs.launchpad.net/keystone/+bug/1839133
> and will submit a patch.
> Hopefully it helps someone else as well.
> 
> Kind regards,
> Radek

Thanks for the bug report and the patch. I've added the [ops] tag to the subject line of this thread because I'm curious how many other people have tried to use the user_enabled_emulation feature and whether anyone else has run into this problem.

I'm seeing similar behavior even when using the groupOfNames objectclass and not using group_members_are_ids, so I'm hesitant to add conditionals based on that configuration.

Have you tried this on any other versions of keystone besides Stein?

Colleen

> 
> sob., 3 sie 2019 o 20:56 RadosÅ?aw Piliszek 
> <radoslaw.piliszek at gmail.com> napisaÅ?(a):
> > Hello all,
> > 
> > I have an issue using user_enabled_emulation with my LDAP solution.
> > 
> > I set:
> > user_tree_dn = ou=Users,o=UCO
> > user_objectclass = inetOrgPerson
> > user_id_attribute = uid
> > user_name_attribute = uid
> > user_enabled_emulation = true
> > user_enabled_emulation_dn = cn=Users,ou=Groups,o=UCO
> > user_enabled_emulation_use_group_config = true
> > group_tree_dn = ou=Groups,o=UCO
> > group_objectclass = posixGroup
> > group_id_attribute = cn
> > group_name_attribute = cn
> > group_member_attribute = memberUid
> > group_members_are_ids = true
> > 
> > Keystone properly lists members of the Users group but they all remain disabled.
> > Did I misinterpret something?
> > 
> > Kind regards,
> > Radek