Update user_attribute_ignore for LDAP Identity config

With a recent patch to keystone, the use of tenantId, tenant_id, and default_project_id was normalized to reference default_project_id for all cases internally and translate to the expected results at the controller (v2.0 returns tenantId, v3 returns default_project_id). Devstack must now properly ignore the expected mapped LDAP attribute of 'default_project_id' instead of the old 'tenantId'. Without this fix devstack will fail when using the LDAP identity backend because the 'default_project_id' has been made a special case that requires the operator of a Openstack cloud to explicitly choose an attribute to map 'default_project_id' to if storing that value is desired. Without explicitly mapping that attribute and not having it in the 'user_attribute_ignore' config option, the user_creates can fail. related-bug: 1219739 Change-Id: I1dd3719de50f6d0948b3a9743e32a03d0ac56b3c
2013-09-24 23:43:08 -07:00 · 2013-09-24 23:43:08 -07:00 · 2dc11fb5c8
commit 2dc11fb5c8
parent 23033e0399
1 changed files with 1 additions and 1 deletions
--- a/lib/keystone
+++ b/lib/keystone
@ -115,7 +115,7 @@ function configure_keystone() {
        iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org"
        iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org"
        iniset $KEYSTONE_CONF ldap use_dumb_member "True"
-        iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId"
+        iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,default_project_id"
        iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled"
        iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory"
        iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"