<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 08/02/2013 06:59 PM, Miller, Mark M
(EB SW Cloud - R&D - Corvallis) wrote:<br>
</div>
<blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B35F791@G9W0343.americas.hpqcorp.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
p.emailquote, li.emailquote, div.emailquote
{mso-style-name:emailquote;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:1.0pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:931090974;
mso-list-type:hybrid;
mso-list-template-ids:1402103742 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">With
some minor tweaking of the keystone common/ldap/core.py
file, I have been able to authenticate and get an unscoped
token for a user from an LDAP Enterprise Directory. I want
to continue testing but I have some questions that need to
be answered before I can continue.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"
style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
level1 lfo1">
<!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
style="mso-list:Ignore">1.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do
I need to add the user from the LDAP server to the Keystone
SQL database or will the H-2 code search the LDAP server?</span></p>
</div>
</blockquote>
No. there is no entry in SQL for the user, only in LDAP.<br>
<blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B35F791@G9W0343.americas.hpqcorp.net"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph"
style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
level1 lfo1"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoListParagraph"
style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
level1 lfo1">
<!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
style="mso-list:Ignore">2.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">When
I performed a “keystone user-list” the following log file
entries were written indicating that keystone was attempting
to get all the users on the massive Enterprise Directory.
How do we limit this query to just the one user or group of
users we are interested in?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
14:04:31 DEBUG [keystone.common.ldap.core] LDAP bind:
dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
14:04:32 DEBUG [keystone.common.ldap.core] In
get_connection 6 user: cn=CloudOSKeystoneDev,
ou=Applications, o=hp.com<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
14:04:32 DEBUG [keystone.common.ldap.core] MY query in _<span
style="background:yellow;mso-highlight:yellow">ldap_get_all:
(&)</span><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:20.25pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core]
LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&),
attrs=['businessCategory', 'userPassword', 'hpStatus',
'mail', 'uid']</span></p>
</div>
</blockquote>
<br>
I think this bug is filed here:<br>
<a class="moz-txt-link-freetext" href="https://bugs.launchpad.net/keystone/+bug/1205150">https://bugs.launchpad.net/keystone/+bug/1205150</a><br>
<br>
I've grabbed it/<br>
<br>
<blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B35F791@G9W0343.americas.hpqcorp.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal" style="margin-left:20.25pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoListParagraph"
style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
level1 lfo1">
<!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
style="mso-list:Ignore">3.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Next
I want to acquire a scoped token. How do I assign the LDAP
user to a local project?</span></p>
</div>
</blockquote>
Use hte normal Keystone api for that. THe project and assignments
all happed in the SQL backend.<br>
<br>
<br>
<blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B35F791@G9W0343.americas.hpqcorp.net"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph"
style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
level1 lfo1"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:20.25pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Mark
Miller<o:p></o:p></span></p>
</div>
</blockquote>
<br>
</body>
</html>