<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 08/02/2013 06:59 PM, Miller, Mark M
      (EB SW Cloud - R&D - Corvallis) wrote:<br>
    </div>
    <blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B35F791@G9W0343.americas.hpqcorp.net"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      <meta name="Generator" content="Microsoft Word 14 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
p.emailquote, li.emailquote, div.emailquote
        {mso-style-name:emailquote;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:1.0pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle22
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle23
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle24
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle25
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:931090974;
        mso-list-type:hybrid;
        mso-list-template-ids:1402103742 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hello,<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">With
            some minor tweaking of the keystone common/ldap/core.py
            file, I have been able to authenticate and get an unscoped
            token for a user from an LDAP Enterprise Directory. I want
            to continue testing but I have some questions that need to
            be answered before I can continue.<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoListParagraph"
          style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
          level1 lfo1">
          <!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
              style="mso-list:Ignore">1.<span style="font:7.0pt
                "Times New Roman"">      
              </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do
            I need to add the user from the LDAP server to the Keystone
            SQL database or will the H-2 code search the LDAP server?</span></p>
      </div>
    </blockquote>
    No.  there is no entry in SQL for the user, only in LDAP.<br>
    <blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B35F791@G9W0343.americas.hpqcorp.net"
      type="cite">
      <div class="WordSection1">
        <p class="MsoListParagraph"
          style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
          level1 lfo1"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
        <p class="MsoListParagraph"
          style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
          level1 lfo1">
          <!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
              style="mso-list:Ignore">2.<span style="font:7.0pt
                "Times New Roman"">      
              </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">When
            I performed a “keystone user-list” the following log file
            entries were written indicating that keystone was attempting
            to get all the users on the massive Enterprise Directory.
            How do we limit this query to just the one user or group of
            users we are interested in?<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
            14:04:31    DEBUG [keystone.common.ldap.core] LDAP bind:
            dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com<o:p></o:p></span></p>
        <p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
            14:04:32    DEBUG [keystone.common.ldap.core] In
            get_connection 6 user: cn=CloudOSKeystoneDev,
            ou=Applications, o=hp.com<o:p></o:p></span></p>
        <p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
            14:04:32    DEBUG [keystone.common.ldap.core] MY query in _<span
              style="background:yellow;mso-highlight:yellow">ldap_get_all:

              (&)</span><o:p></o:p></span></p>
        <p class="MsoNormal" style="margin-left:20.25pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> 
            2013-07-23 14:04:32    DEBUG [keystone.common.ldap.core]
            LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&),
            attrs=['businessCategory', 'userPassword', 'hpStatus',
            'mail', 'uid']</span></p>
      </div>
    </blockquote>
    <br>
    I think this bug is filed here:<br>
    <a class="moz-txt-link-freetext" href="https://bugs.launchpad.net/keystone/+bug/1205150">https://bugs.launchpad.net/keystone/+bug/1205150</a><br>
    <br>
    I've grabbed it/<br>
    <br>
    <blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B35F791@G9W0343.americas.hpqcorp.net"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal" style="margin-left:20.25pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
        <p class="MsoListParagraph"
          style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
          level1 lfo1">
          <!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span
              style="mso-list:Ignore">3.<span style="font:7.0pt
                "Times New Roman"">      
              </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Next
            I want to acquire a scoped token. How do I assign the LDAP
            user to a local project?</span></p>
      </div>
    </blockquote>
    Use hte normal Keystone api for that.  THe project and assignments
    all happed in the SQL backend.<br>
    <br>
    <br>
    <blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B35F791@G9W0343.americas.hpqcorp.net"
      type="cite">
      <div class="WordSection1">
        <p class="MsoListParagraph"
          style="margin-left:30.75pt;text-indent:-.25in;mso-list:l0
          level1 lfo1"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
        <p class="MsoNormal" style="margin-left:20.25pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Mark
            Miller<o:p></o:p></span></p>
      </div>
    </blockquote>
    <br>
  </body>
</html>