Update user_attribute_ignore for LDAP Identity config

With a recent patch to keystone, the use of tenantId, tenant_id, and
default_project_id was normalized to reference default_project_id for
all cases internally and translate to the expected results at the
controller (v2.0 returns tenantId, v3 returns default_project_id).

Devstack must now properly ignore the expected mapped LDAP attribute
of 'default_project_id' instead of the old 'tenantId'.  Without this
fix devstack will fail when using the LDAP identity backend because
the 'default_project_id' has been made a special case that requires
the operator of a Openstack cloud to explicitly choose an attribute
to map 'default_project_id' to if storing that value is desired.
Without explicitly mapping that attribute and not having it in the
'user_attribute_ignore' config option, the user_creates can fail.

related-bug: 1219739
Change-Id: I1dd3719de50f6d0948b3a9743e32a03d0ac56b3c
This commit is contained in:
Morgan Fainberg 2013-09-24 23:43:08 -07:00
parent 23033e0399
commit 2dc11fb5c8

View File

@ -115,7 +115,7 @@ function configure_keystone() {
iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org" iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org"
iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org" iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org"
iniset $KEYSTONE_CONF ldap use_dumb_member "True" iniset $KEYSTONE_CONF ldap use_dumb_member "True"
iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId" iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,default_project_id"
iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled" iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled"
iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory" iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory"
iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description" iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"