Bug 1332312 - [Docs][Keystone] Document the query_scope parameter for Active Directory Integration
Summary: [Docs][Keystone] Document the query_scope parameter for Active Directory Inte...
Keywords:
Status: CLOSED DUPLICATE of bug 1335696
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: async
: ---
Assignee: Martin Lopes
QA Contact: RHOS Documentation Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-02 21:31 UTC by Andreas Karis
Modified: 2019-05-10 10:47 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-10 10:47:41 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Andreas Karis 2016-05-02 21:31:07 UTC 
Description of problem:
Documentation bug:  Integrate with Identity Service - Chapter 1. Active Directory Integration 

In section 1.14.1 Test LDAP connections, connections are tested with the "sub" keyword which makes openldap search the whole subtree. However, the configuration for ldap in /etc/keystone/domains/keystone.LAB.conf  is a simple search, so it ignores nested groups. This leads to confusion over the correct usage of keystone AD integration with nested groups.

Please document the following parameter for /etc/keystone/domains/keystone.LAB.conf:

# The LDAP scope for queries, this can be either "one" (onelevel/singleLevel)
# or "sub" (subtree/wholeSubtree). (string value)
#query_scope = one
Comment 2 Andreas Karis 2016-05-02 21:31:27 UTC 
https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/7/integrate-with-identity-service/chapter-1-active-directory-integration
Comment 4 Lucy Bopf 2017-03-08 07:03:53 UTC 
Moving to NEW to be triaged as resources allow.
Comment 5 Martin Lopes 2019-05-10 10:47:41 UTC 
This was addressed under BZ#1335696.

*** This bug has been marked as a duplicate of bug 1335696 ***
Note You need to log in before you can comment on or make changes to this bug.