keystone: Set user_enabled_default for LDAP domain

When using the LDAP identity backend, stack.sh fails
during the create_keystone_accounts phase when trying
to verify the newly created demo user.
This is caused by a BadRequestException from the
Keystone API with the error, 'enabled' is a required
property. The error occurs because the default LDAP
user object created by the DevStack scripts does not
contain an attribute that Keystone can map to its
mandatory enabled property.
This change fixes the issue by adding
user_enabled_emulation = True to the domain-specific
LDAP configuration in the create_ldap_domain function.
This tells Keystone to assume a user is enabled if
the attribute is not explicitly defined in their LDAP
entry, which resolves the schema incompatibility and
allows the script to complete successfully.
Signed-off-by: Grzegorz Grasza <xek@redhat.com>
Change-Id: I15ddf0b88ee93615c318d4845a026ca1e25c3e69
Grzegorz Grasza
2025-07-14 12:37:23 +02:00
parent 2d42165d17
commit e221349e56

@@ -608,6 +608,7 @@ function create_ldap_domain {
iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_name_attribute "cn"
iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_mail_attribute "mail"
iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_id_attribute "uid"
iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_enabled_emulation "True"
iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user "cn=Manager,dc=openstack,dc=org"
iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap url "ldap://localhost"
iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap suffix $LDAP_BASE_DN
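
Review bot: The option set in this hunk of `create_ldap_domain`, `user_enabled_emulation`, does not match the commit subject, which names `user_enabled_default`; one of the two should be corrected so the history can be searched by the option that is actually written to `$KEYSTONE_LDAP_DOMAIN_FILE`. The new `iniset` line also has no comment, unlike the explanation given in the commit message, so a one-line comment above it stating that it is there to satisfy Keystone's required `enabled` property for the demo user would help the next reader. Since this setting decides whether an LDAP account is treated as enabled, it would also be worth stating in that comment how the enabled state is determined, as no other `user_enabled_*` option appears in the visible lines.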