<div dir="ltr">2.  I have a bug open on this problem:<div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><a href="https://bugs.launchpad.net/keystone/+bug/1205150">https://bugs.launchpad.net/keystone/+bug/1205150</a><br>

</div><div><br></div></blockquote></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 2, 2013 at 3:59 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <span dir="ltr"><<a href="mailto:mark.m.miller@hp.com" target="_blank">mark.m.miller@hp.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hello,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">With some minor tweaking of the keystone common/ldap/core.py file, I have been able to authenticate and get an unscoped token for a user from an LDAP Enterprise
 Directory. I want to continue testing but I have some questions that need to be answered before I can continue.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p style="margin-left:30.75pt">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>1.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Do I need to add the user from the LDAP server to the Keystone SQL database or will the H-2 code search the LDAP server?<u></u><u></u></span></p>


<p style="margin-left:30.75pt">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>2.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">When I performed a “keystone user-list” the following log file entries were written indicating that keystone was attempting to get all the users on
 the massive Enterprise Directory. How do we limit this query to just the one user or group of users we are interested in?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal" style="margin-left:25.5pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">2013-07-23 14:04:31    DEBUG [keystone.common.ldap.core] LDAP bind: dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com<u></u><u></u></span></p>


<p class="MsoNormal" style="margin-left:25.5pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">2013-07-23 14:04:32    DEBUG [keystone.common.ldap.core] In get_connection 6 user: cn=CloudOSKeystoneDev, ou=Applications, o=hp.com<u></u><u></u></span></p>


<p class="MsoNormal" style="margin-left:25.5pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">2013-07-23 14:04:32    DEBUG [keystone.common.ldap.core] MY query in _<span style="background:yellow">ldap_get_all:
 (&)</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:20.25pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">  2013-07-23 14:04:32    DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&), attrs=['businessCategory',
 'userPassword', 'hpStatus', 'mail', 'uid']<u></u><u></u></span></p>
<p style="margin-left:30.75pt">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>3.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Next I want to acquire a scoped token. How do I assign the LDAP user to a local project?<u></u><u></u></span></p>


<p class="MsoNormal" style="margin-left:20.25pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Regards,<span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></span></p><span class="HOEnZb"><font color="#888888">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Mark Miller<u></u><u></u></span></p>
</font></span></div>
</div>

<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>
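The "LDAP search" debug line quoted above carries enough to audit a Keystone log for directory-wide queries: scope=2 is a subtree search, `(&)` is the LDAP filter that is true for every entry, and the attribute list includes `userPassword`. The sketch below is an added example, not part of the original thread or Keystone's own code; the function names are hypothetical and the sample log is constructed with placeholder DNs.

```python
import ast
import re

# Field layout of the "LDAP search" debug line shown in the quoted log.
SEARCH_RE = re.compile(
    r"LDAP search: dn=(?P<base>.+?), scope=(?P<scope>\d+), "
    r"query=(?P<query>.+?), attrs=(?P<attrs>\[.*\])"
)
SCOPE_SUBTREE = 2                        # numeric value of ldap.SCOPE_SUBTREE
MATCH_ALL = {"(&)", "(objectclass=*)"}   # filters that are true for every entry
SENSITIVE_ATTRS = {"userpassword"}       # compared case-insensitively

# Constructed sample modelled on the quoted log; DNs are placeholders.
SAMPLE_LOG = """\
2013-07-23 14:04:31    DEBUG [keystone.common.ldap.core] LDAP bind: dn=cn=svc-keystone, ou=Applications, o=example.com
2013-07-23 14:04:32    DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,o=example.com, scope=2, query=(&), attrs=['businessCategory', 'userPassword', 'hpStatus', 'mail', 'uid']
2013-07-23 14:05:10    DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,o=example.com, scope=2, query=(&(uid=jdoe)(objectClass=inetOrgPerson)), attrs=['mail', 'uid']
"""


def audit_line(line):
    """Return (base_dn, findings) for an LDAP search line, or None otherwise."""
    m = SEARCH_RE.search(line)
    if m is None:
        return None
    findings = []
    query = m.group("query").replace(" ", "").lower()
    if query in MATCH_ALL:
        subtree = int(m.group("scope")) == SCOPE_SUBTREE
        where = "whole subtree" if subtree else "base or one-level scope"
        findings.append("match-all filter over " + where)
    attrs = ast.literal_eval(m.group("attrs"))   # parses the logged Python list
    leaked = sorted(a for a in attrs if a.lower() in SENSITIVE_ATTRS)
    if leaked:
        findings.append("requests sensitive attrs: " + ", ".join(leaked))
    return m.group("base"), findings


def audit_log(text):
    """Collect every search line that produced at least one finding."""
    hits = (audit_line(line) for line in text.splitlines())
    return [hit for hit in hits if hit and hit[1]]


if __name__ == "__main__":
    for base, findings in audit_log(SAMPLE_LOG):
        print(base, "->", "; ".join(findings))
```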