Update user_attribute_ignore for LDAP Identity config
With a recent patch to keystone, the use of tenantId, tenant_id, and
default_project_id was normalized to reference default_project_id for
all cases internally and translate to the expected results at the
controller (v2.0 returns tenantId, v3 returns default_project_id).
Devstack must now properly ignore the expected mapped LDAP attribute
of 'default_project_id' instead of the old 'tenantId'. Without this
fix devstack will fail when using the LDAP identity backend because
the 'default_project_id' has been made a special case that requires
the operator of a Openstack cloud to explicitly choose an attribute
to map 'default_project_id' to if storing that value is desired.
Without explicitly mapping that attribute and not having it in the
'user_attribute_ignore' config option, the user_creates can fail.
related-bug: 1219739
Change-Id: I1dd3719de50f6d0948b3a9743e32a03d0ac56b3c
Morgan Fainberg authored on 2013/09/25 15:43:08Showing 1 changed files
| ... | ... |
@@ -115,7 +115,7 @@ function configure_keystone() {
|
| 115 | 115 |
iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org" |
| 116 | 116 |
iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org" |
| 117 | 117 |
iniset $KEYSTONE_CONF ldap use_dumb_member "True" |
| 118 |
- iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId" |
|
| 118 |
+ iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,default_project_id" |
|
| 119 | 119 |
iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled" |
| 120 | 120 |
iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory" |
| 121 | 121 |
iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description" |