Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix role lookup for Active Directory
When using Keystone against an Active Directory server, assigned roles weren't found for users. When roles are added as DNs in the roleOccupant attribute, an LDAP server can normalize the value so that when the entry is read later the roleOccupant isn't exactly the same as it was when added. Keystone should compare users by ID rather than by DN. (Note that this is how the comparison is done in Grizzly.) Keystone's fake LDAP is changed to muck with roleOccupant and member DNs by uppercasing attribute names (like Active Directory). The code is fixed to compare users by ID rather than DN. Change-Id: Iaa41c3ef9febcabef0662f38b13d319a5b5583bc Resolves-Bug: #1210675
- Loading branch information
Brant Knudson
committed
Aug 23, 2013
1 parent
4dbda64
commit e4b1d22
Showing
2 changed files
with
31 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters