Bug 1278144 - [Docs] [Networking] Need to document how to use the "OPENSTACK_KEYSTONE_DEFAULT_DOMAIN" domain esp with LDAP usage
[Docs] [Networking] Need to document how to use the "OPENSTACK_KEYSTONE_DEFAU...
Status: NEW
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation (Show other bugs)
9.0 (Mitaka)
Unspecified Unspecified
medium Severity low
: ---
: 9.0 (Mitaka)
Assigned To: RHOS Documentation Team
RHOS Documentation Team
: Documentation, Triaged
Depends On:
  Show dependency treegraph
Reported: 2015-11-04 13:27 EST by Ruchika K
Modified: 2018-03-23 22:10 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ruchika K 2015-11-04 13:27:26 EST
Description of problem:

On the horizon interface, need a way to set the default context so every user attempting to login in does not have to type in a login name.

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:
Comment 2 Martin Lopes 2015-11-09 02:36:41 EST
Testing this behavior in the lab environment.
Comment 4 Martin Lopes 2015-11-26 01:49:52 EST
Hi Matthias, 

Could you comment on whether dashboard currently has the capability to perform the use case in the bug description?
Comment 5 Matthias Runge 2015-11-26 10:05:48 EST
That value is used to provide a default domain for using authentication.

Fun fact is, it's not used in horizon other than in docs, it is referenced in django-openstack-auth just for login purpose.

Martin, the linked review source is not merged yet. I would expect that to change much in horizon.
Comment 6 Martin Lopes 2015-12-13 23:30:47 EST
Hi Matthias, 

Does the reference in django-openstack-auth mean that users can configure a default login domain in horizon? For example, if they enter the value "LAB", will that mean users won't have to type that same value at the dashboard login page?
I should mention that I've tested this and haven't been able to get it working, so I'm wondering that is really the intent of this feature.
Comment 7 Matthias Runge 2015-12-14 03:14:45 EST
Martin, that is, how I understand it, yes.

If it's not working that way, it might be either a bug in our downstream theme, in django-openstack-auth or the delivered django-openstack-auth package.

I think, there has been an upstream bug, which made it not remembering the default domain.

Horizon does not need to have any clue, if keystone uses ldap, mysql or whatever.
Comment 8 Martin Lopes 2015-12-17 00:15:06 EST
Hi Matthias,

It looks like upstream devs do not want to expose a default domain name in the login page (perhaps for security reasons?):


This update attempts to strike a compromise by pre-filling the value in the browser (from cookie), if the user has previously entered one.
Would you agree that I've interpreted this correctly?
Comment 9 Matthias Runge 2015-12-17 02:13:37 EST
May take from the linked bug is:
- pre-filling the domain field with default values is considered as a security risk
- it would be ok to read it from the user cookie, like in the newly implemented feature in Django-openstack-auth.
Comment 11 Matthias Runge 2015-12-18 02:05:57 EST
The code is merged in mitaka cycle, which is probably going to be OSP-9.
In general, features are not being backported.
Comment 13 Andrew Dahms 2016-08-08 08:21:02 EDT
Moving to 'NEW' while assigned to the default assignee.

Note You need to log in before you can comment on or make changes to this bug.