Bug 1888680 - AD Group nesting user dn list should also use base scope [NEEDINFO]
Summary: AD Group nesting user dn list should also use base scope
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: 13.0 (Queens)
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: zstream
Target Release: 17.1
Assignee: Dave Wilde
QA Contact: Jeremy Agee
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2020-10-15 13:35 UTC by Christopher Brown
Modified: 2023-08-03 15:46 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-05-03 19:28:24 UTC
Target Upstream Version:
Embargoed:
ifrangs: needinfo? (dwilde)



Links
System ID Private Priority Status Summary Last Updated
Launchpad 1899978 0 None None None 2020-10-15 13:35:30 UTC
OpenStack gerrit 758428 0 None NEW get group_dn when listing user dns 2022-08-10 12:37:45 UTC
Red Hat Issue Tracker OSP-152 0 None None None 2022-08-10 12:45:48 UTC

Description Christopher Brown 2020-10-15 13:35:30 UTC
Description of problem:

We currently see incomplete listing of users when connected to an AD implementation that employs nested groups. With the linked patch running in a custom container, the additional queries are performed to return the user listing we expect to see.


Version-Release number of selected component (if applicable):

RHOSP 13z12
Docker image is openstack-keystone:13.0-116

How reproducible:

Always

Steps to Reproduce:
1. openstack user list --domain <ad_domain>

Actual results:

No users are returned and no error is reported (this is not exceeding the max count as there are only ~40 users in the filter)

Expected results:

User listing returned.

