Red Hat Bugzilla – Bug 1278144
[Docs] [Networking] Need to document how to use the "OPENSTACK_KEYSTONE_DEFAULT_DOMAIN" domain esp with LDAP usage
Last modified: 2018-03-23 22:10:40 EDT
Description of problem:
On the horizon interface, need a way to set the default context so every user attempting to log in does not have to type in a login name.
Steps to Reproduce:
Testing this behavior in the lab environment.
Could you comment on whether dashboard currently has the capability to perform the use case in the bug description?
That value is used to provide a default domain for using authentication.
Fun fact: it's not used in horizon other than in docs; it is referenced in django-openstack-auth just for login purposes.
Martin, the linked review source is not merged yet. I would expect that to change much in horizon.
Does the reference in django-openstack-auth mean that users can configure a default login domain in horizon? For example, if they enter the value "LAB", will that mean users won't have to type that same value at the dashboard login page?
I should mention that I've tested this and haven't been able to get it working, so I'm wondering whether that is really the intent of this feature.
Martin, that is, how I understand it, yes.
If it's not working that way, it might be either a bug in our downstream theme, in django-openstack-auth or the delivered django-openstack-auth package.
I think there has been an upstream bug, which made it not remember the default domain.
Horizon does not need to have any clue whether keystone uses LDAP, MySQL or whatever.
It looks like upstream devs do not want to expose a default domain name in the login page (perhaps for security reasons?):
This update attempts to strike a compromise by pre-filling the value in the browser (from cookie), if the user has previously entered one.
Would you agree that I've interpreted this correctly?
My take from the linked bug is:
- pre-filling the domain field with default values is considered a security risk
- it would be ok to read it from the user cookie, like in the newly implemented feature in Django-openstack-auth.
The code is merged in the Mitaka cycle, which is probably going to be OSP-9.
In general, features are not being backported.
Moving to 'NEW' while assigned to the default assignee.