<html>
<head>
<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 08/06/2013 05:02 PM, Miller, Mark M
(EB SW Cloud - R&D - Corvallis) wrote:<br>
</div>
<blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B360697@G9W0343.americas.hpqcorp.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Next
problem:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
am using ldaps to connect to the LDAP server. Although I am
not using TLS, I do need to set/use the
ldap.OPT_X_TLS_CERTFILE option. However, the current has no
way to let me do this so I have added an if statement in the
following code to temporarily get around this issue (file
keystone/common/ldap/core.py). This may not be the best
place/way to fix my problem. Please let me know if I need to
use some other configuration parameters in keystone.conf or
if I have found a bug.</span></p>
</div>
</blockquote>
This looks like Windows. I thought that implied TLS.<br>
However, there is a certfile parameter on the LDAP backend already,
just for TLS. LDAP.tls_cacertfile<br>
<br>
I think it will be OK to conditionally set the options based on the
presence of this variable in the LDAPS code path:<br>
<br>
<br>
<pre>if CONF.LDAP.tls_cacertfile:
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CONF.LDAP.tls_cacertfile)</pre>
<br>
<br>
<blockquote
cite="mid:D6182642CE6D2D4FBFCDF99946E249883B360697@G9W0343.americas.hpqcorp.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Similar
Python sample code:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<pre>import ldap

# Trust the CA that issued the LDAPS server certificate.
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "d:/etc/ssl/certs/hpca2ssG2_ns.cer")
# ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)

# host, binduser, bindpw, base and scope are not shown in the post.
ldap_client = ldap.initialize(host)
ldap_client.protocol_version = ldap.VERSION3

ldap_client.simple_bind_s(binduser, bindpw)
ldapBound = True

filter = '(uid=mark.m*)'
attrs = ['cn', 'mail', 'uid', 'hpStatus']

print("base: %s, scope: %s, filter: %s, attrs:%s" % (base, scope, filter, attrs))
r = ldap_client.search_s(base, scope, filter, attrs)</pre>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Mark<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><img
id="Picture_x0020_1"
src="cid:part1.04000404.07030208@redhat.com" height="1560"
width="1977"></span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
Adam Young [<a class="moz-txt-link-freetext" href="mailto:ayoung@redhat.com">mailto:ayoung@redhat.com</a>]
<br>
<b>Sent:</b> Monday, August 05, 2013 5:32 PM<br>
<b>To:</b> Miller, Mark M (EB SW Cloud - R&D -
Corvallis)<br>
<b>Cc:</b> OpenStack Development Mailing List; Dolph
Mathews (<a class="moz-txt-link-abbreviated" href="mailto:dolph.mathews@gmail.com">dolph.mathews@gmail.com</a>); Yee, Guang<br>
<b>Subject:</b> Re: Keystone Split Backend LDAP Question<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 08/05/2013 07:37 PM, Miller, Mark M
(EB SW Cloud - R&D - Corvallis) wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
have been inserting debug logging and stack traces into
the code base to help find out what is and is not
happening.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoListParagraph">&middot; I am able to connect the LDAP backend to our Enterprise
Directory and perform a REST &ldquo;get an unscoped token&rdquo; from
keystone. Following is the result:</p>
<pre>Connection &rarr; keep-alive
Content-Length &rarr; 259
Content-Type &rarr; application/json
Date &rarr; Fri, 26 Jul 2013 21:49:16 GMT
Vary &rarr; X-Auth-Token
X-Subject-Token &rarr; cae95a17517245798acb17c47b8eb74b</pre>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<pre>{
  "token": {
    "issued_at": "2013-07-26T21:49:16.951821Z",
    "extras": {},
    "methods": [
      "password"
    ],
    "expires_at": "2045-04-03T19:49:16.951738Z",
    "user": {
      "domain": {
        "id": "default",
        "name": "Default"
      },
      "id": "mark.m.miller@hp.com",
      "name": "mark.m.miller@hp.com"
    }
  }
}</pre>
<p class="MsoListParagraph">&middot; When I attempt to assign a role to the user:</p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:.75in">&#10146; keystone
user-role-add --user "mark.m.miller@hp.com"
--role-id 7fb862d10b5c46679b4334eae9c73a46 --tenant-id
9798b027472d4f459d231c005977b3ac</p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">The
&ldquo;identity/controllers/get_users()&rdquo; method is called
instead of the &ldquo;get_user_by_name()&rdquo; method.</p>
</blockquote>
<p class="MsoNormal"><span
style="font-family:"Gulim","sans-serif""><br>
Opened a bug for this.<br>
<a moz-do-not-send="true"
href="https://bugs.launchpad.net/keystone/+bug/1208653">https://bugs.launchpad.net/keystone/+bug/1208653</a><br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Does
anyone know why or how to fix this or if what I am trying to
do even works?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Mark
Miller</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Miller, Mark M (EB SW Cloud - R&D - Corvallis)
<br>
<b>Sent:</b> Friday, August 02, 2013 4:00 PM<br>
<b>To:</b> OpenStack Development Mailing List; Adam
Young (<a moz-do-not-send="true"
href="mailto:ayoung@redhat.com">ayoung@redhat.com</a>);
Dolph Mathews (<a moz-do-not-send="true"
href="mailto:dolph.mathews@gmail.com">dolph.mathews@gmail.com</a>);
Yee, Guang<br>
<b>Subject:</b> Re: [openstack-dev] Keystone Split
Backend LDAP Question</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hello,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">With
some minor tweaking of the keystone common/ldap/core.py
file, I have been able to authenticate and get an unscoped
token for a user from an LDAP Enterprise Directory. I want
to continue testing but I have some questions that need to
be answered before I can continue.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:30.75pt;text-indent:-.25in;mso-list:l2
level1 lfo8">
<!--[if !supportLists]--><span style="mso-list:Ignore">1.<span
style="font:7.0pt "Times New Roman"">
</span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do
I need to add the user from the LDAP server to the Keystone
SQL database or will the H-2 code search the LDAP server?</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:30.75pt">2. When
I performed a &ldquo;keystone user-list&rdquo; the following log file
entries were written indicating that keystone was attempting
to get all the users on the massive Enterprise Directory.
How do we limit this query to just the one user or group of
users we are interested in?</p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
14:04:31 DEBUG [keystone.common.ldap.core] LDAP bind:
dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
14:04:32 DEBUG [keystone.common.ldap.core] In
get_connection 6 user: cn=CloudOSKeystoneDev,
ou=Applications, o=hp.com</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:25.5pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2013-07-23
14:04:32 DEBUG [keystone.common.ldap.core] MY query in _<span
style="background:yellow;mso-highlight:yellow">ldap_get_all:
(&)</span></span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:20.25pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core]
LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&),
attrs=['businessCategory', 'userPassword', 'hpStatus',
'mail', 'uid']</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:30.75pt;text-indent:-.25in;mso-list:l2
level1 lfo8">
<!--[if !supportLists]--><span style="mso-list:Ignore">3.<span
style="font:7.0pt "Times New Roman"">
</span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Next
I want to acquire a scoped token. How do I assign the LDAP
user to a local project?</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:20.25pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Mark
Miller</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Gulim","sans-serif""><o:p> </o:p></span></p>
</div>
</blockquote>
<br>
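<p>Added example, not part of the original thread and not Keystone's own code: one way to implement the conditional suggested in the reply above, applying the CA file only on the ldaps:// path and failing closed when the configured file is missing. The names apply_ldaps_ca, TLSConfigError and RecordingLdap and the example URL are assumptions; requiring certificate validation through OPT_X_TLS_REQUIRE_CERT goes beyond what the reply proposes.</p>

```python
import os
import tempfile
from urllib.parse import urlparse


class TLSConfigError(Exception):
    """Raised when a CA file is configured for ldaps:// but cannot be used."""


class RecordingLdap:
    """Constructed stand-in for the python-ldap module.

    It exposes the option names used below and records set_option calls,
    so the logic can be exercised without a directory server. In real use
    pass the imported `ldap` module instead.
    """
    OPT_X_TLS_CACERTFILE = "OPT_X_TLS_CACERTFILE"
    OPT_X_TLS_REQUIRE_CERT = "OPT_X_TLS_REQUIRE_CERT"
    OPT_X_TLS_DEMAND = "OPT_X_TLS_DEMAND"

    def __init__(self):
        self.calls = []

    def set_option(self, opt, val):
        self.calls.append((opt, val))


def apply_ldaps_ca(ldap_mod, url, tls_cacertfile=None):
    """Apply global TLS options before ldap_mod.initialize(url) is called.

    ldap_mod       -- python-ldap module (or a stand-in with the same names)
    url            -- LDAP URL from configuration
    tls_cacertfile -- path to a PEM CA bundle, or None/"" when unset

    Returns the list of (option, value) pairs that were set.
    """
    applied = []

    # Only the LDAPS code path is handled here, as in the reply.
    if urlparse(url).scheme.lower() != "ldaps":
        return applied

    # Option unset: keep the library's default trust settings untouched.
    if not tls_cacertfile:
        return applied

    # Fail closed: a configured but missing CA file is a configuration
    # error, not a reason to connect without the intended trust anchor.
    if not os.path.isfile(tls_cacertfile):
        raise TLSConfigError("tls_cacertfile not found: %s" % tls_cacertfile)

    options = (
        (ldap_mod.OPT_X_TLS_CACERTFILE, tls_cacertfile),
        # Assumption beyond the thread: insist on a valid server certificate.
        (ldap_mod.OPT_X_TLS_REQUIRE_CERT, ldap_mod.OPT_X_TLS_DEMAND),
    )
    for opt, val in options:
        ldap_mod.set_option(opt, val)
        applied.append((opt, val))
    return applied


if __name__ == "__main__":
    # Constructed placeholder file; its content is never parsed here.
    with tempfile.NamedTemporaryFile(suffix=".pem", delete=False) as fh:
        fh.write(b"constructed placeholder, not a real certificate\n")
        ca_path = fh.name
    try:
        fake = RecordingLdap()
        print(apply_ldaps_ca(fake, "ldaps://ldap.example.test:636", ca_path))
        print(apply_ldaps_ca(fake, "ldap://ldap.example.test:389", ca_path))
    finally:
        os.unlink(ca_path)
```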
</body>
</html>