Bug 1814833 - LDAP backend default doesn't align to keystone defaults.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-keystone
Version: 16.0 (Train)
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: beta
Target Release: 16.1 (Train on RHEL 8.2)
Assignee: Dave Wilde
QA Contact: nlevinki
URL:
Whiteboard:
Depends On: 1811546
Blocks:
 
Reported: 2020-03-18 18:44 UTC by Dave Wilde
Modified: 2020-07-29 07:51 UTC

Fixed In Version: puppet-keystone-15.4.1-0.20200528173432.a58ef36.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1811546
Environment:
Last Closed: 2020-07-29 07:51:01 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 713708 0 None MERGED Update ldap-backend options 2020-07-15 06:32:41 UTC
OpenStack gerrit 713712 0 None MERGED Deprecate unused parameters 2020-07-15 06:32:41 UTC
OpenStack gerrit 713898 0 None MERGED Update ldap-backend options 2020-07-15 06:32:41 UTC
Red Hat Product Errata RHBA-2020:3148 0 None None None 2020-07-29 07:51:16 UTC

Description Dave Wilde 2020-03-18 18:44:39 UTC
+++ This bug was initially created as a clone of Bug #1811546 +++

Description of problem:
LDAP backend default doesn't align to keystone defaults.

For example, use_pool and use_user_pool are false in puppet-keystone.
However, keystone's default configuration is true.

Also, there are so many undef assignments to the parameters.

This is also found in upstream puppet-keystone.

Version-Release number of selected component (if applicable):
Current puppet-keystone

How reproducible:
Always

Steps to Reproduce:
1. Try to configure ldap backend.
2. Check keystone.conf.
3.

Actual results:
Some parameters aren't the same as keystone's defaults.

Expected results:
Parameters not assigned by T-H-T should be the same as keystone's defaults.

Additional info:

--- Additional comment from Dave Wilde on 2020-03-18 18:35:24 UTC ---

We have proposed the following patches [0], [1] to the master branch of puppet-keystone to default to upstream keystone defaults as well as to deprecate certain parameters which no longer appear in keystone.  The new undef parameters in the ldap_backend.pp file will use the upstream keystone defaults if they are not specifically overridden:

# This is an example template on how to configure keystone domain specific LDAP
# backends. This will configure a domain called tripleoldap with the attributes
# specified.
parameter_defaults:
  KeystoneLDAPDomainEnable: true
  KeystoneLDAPBackendConfigs:
    tripleoldap:
      url: ldap://192.168.24.251
      user: cn=openstack,ou=Users,dc=tripleo,dc=example,dc=com
      password: Secrete
      suffix: dc=tripleo,dc=example,dc=com
      user_tree_dn: ou=Users,dc=tripleo,dc=example,dc=com
      user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=tripleo,dc=example,dc=com)"
      user_objectclass: person
      user_id_attribute: cn
      use_pool: false
      use_auth_pool: false

[0]: https://review.opendev.org/#/c/713708/
[1]: https://review.opendev.org/#/c/713712/
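
A check for step 2 of the reproduction ("Check keystone.conf"), as an added example that is not part of the original report or of puppet-keystone: it flags `[ldap]` options in a rendered config that differ from keystone's defaults and were not assigned by the operator. The defaults table, the function name `ldap_default_drift`, the accepted boolean spellings and the sample config are assumptions constructed for illustration.

```python
import configparser

# Assumption: keystone's [ldap] defaults for the pooling options this bug
# discusses (the report says keystone defaults them to true). Extend this
# table from the keystone release actually deployed.
KEYSTONE_LDAP_DEFAULTS = {"use_pool": True, "use_auth_pool": True}

# Boolean spellings accepted here (assumed to match what the service accepts).
_BOOL = {"true": True, "yes": True, "on": True, "1": True,
         "false": False, "no": False, "off": False, "0": False}

# Constructed sample: a domain config as an unfixed module might render it.
SAMPLE_CONF = """\
[identity]
driver = ldap

[ldap]
url = ldap://192.168.24.251
suffix = dc=tripleo,dc=example,dc=com
use_pool = False
use_auth_pool = False
"""


def ldap_default_drift(conf_text, assigned=()):
    """Return {option: (found, default)} for [ldap] options that differ from
    the default and were not explicitly assigned by the operator."""
    # Rename the default section so [DEFAULT] values are not inherited by [ldap],
    # and disable interpolation so '%' in DNs or passwords is taken literally.
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       default_section="__unused__")
    parser.read_string(conf_text)
    drift = {}
    if not parser.has_section("ldap"):
        return drift
    for option, default in KEYSTONE_LDAP_DEFAULTS.items():
        if option in assigned or not parser.has_option("ldap", option):
            continue  # unset options fall back to the service's own default
        raw = parser.get("ldap", option).strip()
        found = _BOOL.get(raw.lower(), raw)  # keep unparsable text as-is
        if found != default:
            drift[option] = (found, default)
    return drift


if __name__ == "__main__":
    for opt, (found, default) in ldap_default_drift(SAMPLE_CONF).items():
        print(f"[ldap] {opt} = {found!r} (keystone default: {default!r})")
```

Pass the keys set under `KeystoneLDAPBackendConfigs` as `assigned` so that deliberate overrides, such as the `use_pool: false` in the template above, are not reported.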

Comment 10 errata-xmlrpc 2020-07-29 07:51:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3148

