From 2dc11fb5c843ccf057fac9e01cf6beca7d877421 Mon Sep 17 00:00:00 2001 From: Morgan Fainberg Date: Tue, 24 Sep 2013 23:43:08 -0700 Subject: [PATCH] Update user_attribute_ignore for LDAP Identity config With a recent patch to keystone, the use of tenantId, tenant_id, and default_project_id was normalized to reference default_project_id for all cases internally and translate to the expected results at the controller (v2.0 returns tenantId, v3 returns default_project_id). Devstack must now properly ignore the expected mapped LDAP attribute of 'default_project_id' instead of the old 'tenantId'. Without this fix devstack will fail when using the LDAP identity backend because the 'default_project_id' has been made a special case that requires the operator of a Openstack cloud to explicitly choose an attribute to map 'default_project_id' to if storing that value is desired. Without explicitly mapping that attribute and not having it in the 'user_attribute_ignore' config option, the user_creates can fail. related-bug: 1219739 Change-Id: I1dd3719de50f6d0948b3a9743e32a03d0ac56b3c --- lib/keystone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/keystone b/lib/keystone index 3642904e1c..bc5d1511b8 100755 --- a/lib/keystone +++ b/lib/keystone @@ -115,7 +115,7 @@ function configure_keystone() { iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org" iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org" iniset $KEYSTONE_CONF ldap use_dumb_member "True" - iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId" + iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,default_project_id" iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled" iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory" iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"