<div dir="ltr">On that note, I very much like how <a href="http://docs.python.org">docs.python.org</a> does it, where not only is the current page's version prominently specified at the top of the page, but it also serves as an easy way to switch to another version of the docs, e.g.: <a href="http://docs.python.org/2/tutorial/">http://docs.python.org/2/tutorial/</a></div>
<div class="gmail_extra"><br clear="all"><div><div><br></div>-Dolph</div>
<br><br><div class="gmail_quote">On Mon, Mar 4, 2013 at 4:40 PM, Steven Presser <span dir="ltr"><<a href="mailto:spresse1@jhu.edu" target="_blank">spresse1@jhu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Anne,<br>
Yes that would. What I think might be a better revision is
putting the version somewhere prominently on the page (say, the
upper right hand corner, above "<prev|up|next>").<br>
<br>
Steve<div><div class="h5"><br>
<br>
On 03/04/2013 05:26 PM, Anne Gentle wrote:
<blockquote type="cite">
<div dir="ltr">I've been wondering whether we should have <a href="http://docs.openstack.org/master/" target="_blank">docs.openstack.org/master/</a>
to match expectations, would that have helped in your case?
Thanks for clarifying. <br>
<br>
Anne<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Mar 4, 2013 at 4:22 PM, Steven
Presser <span dir="ltr"><<a href="mailto:spresse1@jhu.edu" target="_blank">spresse1@jhu.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Apparently the trunk
docs. I could have sworn that wasn't what I bookmarked.
In any case, maybe explicitly marking trunk docs as
newer-than-latest would help?<br>
<br>
( <a href="http://docs.openstack.org/trunk/openstack-compute/admin/content/reference-for-ldap-config-options.html" target="_blank">http://docs.openstack.org/trunk/openstack-compute/admin/content/reference-for-ldap-config-options.html</a>)
<div>
<div><br>
<br>
On 03/04/2013 05:09 PM, Dolph Mathews wrote:
<blockquote type="cite">
<div dir="ltr">Yes, this feature just landed during
grizzly-m3.
<div><br>
</div>
<div>Which docs are you referring to? The variable
wasn't included in folsom's
etc/keystone.conf.sample, for example.</div>
</div>
<div class="gmail_extra"> <br clear="all">
<div>
<div><br>
</div>
-Dolph</div>
<br>
<br>
<div class="gmail_quote">On Mon, Mar 4, 2013 at
3:35 PM, Steven Presser <span dir="ltr"><<a href="mailto:spresse1@jhu.edu" target="_blank">spresse1@jhu.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> The
answer would appear to be that this flag
doesn't do anything in the Folsom release.
Apprently this was fixed by:<br>
<a href="https://bugs.launchpad.net/keystone/+bug/1122181" target="_blank">https://bugs.launchpad.net/keystone/+bug/1122181</a><br>
<br>
Unless I'm misreading something. Could we
perhaps update the docs to reflect the fact
that this isn't available in releases yet?
<div>
<div><br>
<br>
On 03/04/2013 04:08 PM, Steven Presser
wrote:
<blockquote type="cite"> This is what
came out of my logs. I've bolded what
looks relevant to me:<br>
<br>
LDAP init: url=<a>ldap://typhon.acm.jhu.edu</a><br>
2013-03-04 16:06:01 DEBUG
[keystone.common.ldap.core] LDAP bind:
dn=cn=admin,ou=OpenStack,dc=acm,dc=jhu,dc=edu<br>
2013-03-04 16:06:01 DEBUG
[keystone.common.ldap.core] LDAP
search:
dn=ou=Users,ou=OpenStack,dc=acm,dc=jhu,dc=edu,
<b>scope=1</b>,
query=(objectClass=inetOrgPerson)<br>
<br>
Unless I'm reading that very wrong, my
scope search request is being
ignored. Time to dive into the code,
I suppose.<br>
<br>
Steve<br>
<br>
On 03/04/2013 10:15 AM, Dolph Mathews
wrote:
<blockquote type="cite">
<div dir="ltr">I'd suggest enabling
debug=True in keystone.conf and
comparing the LDAP queries being
issued (shown in logs) against
what you're expecting.
<div>
<div><br>
</div>
<div>I believe that [ldap]
query_scope=sub does in fact
expand queries to apply to
subtrees, beyond just a single
level (as the default value
is <span style="font-family:arial,sans-serif;font-size:13px">query_scope=one).</span></div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div><br>
</div>
-Dolph</div>
<br>
<br>
<div class="gmail_quote">On Sun,
Mar 3, 2013 at 12:05 PM, Steven
Presser <span dir="ltr"><<a href="mailto:spresse1@jhu.edu" target="_blank">spresse1@jhu.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hey
all,<br>
I have some questions
about using the LDAP backend
for keystone. I'm in what
seems to be an odd situation.
I have an organization-wide
DLAP directory that already
exists. All of our users will
have access to OpenStack, so
we want to tie directly into
this directory. However, we
can't have service accounts
mixed in with the regular
users, at least not in any way
that might result in you being
able to log in to a service
account. For neatness, the
directory admin would prefer
that all the OpenStack stuff
be off in its own OU (and has
allocated us one so we can do
that).<br>
In that OU, I've set up
the recommended schema from <a href="http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-keystone-for-ldap-backend.html" target="_blank">http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-keystone-for-ldap-backend.html</a>
(changing it to my domain,
obviously). I then aliased
all our users in to ou=Users.
The relevant part of my
keystone.conf currently looks
like:<br>
<br>
[ldap]<br>
url = <a>ldap://</a>[host]<br>
user =
cn=admin,ou=OpenStack,dc=acm,dc=jhu,dc=edu<br>
password = [password]<br>
suffix = dc=acm,dc=jhu,dc=edu<br>
use_dumb_member = False<br>
allow_subtree_delete = False<br>
query_scope = sub<br>
<br>
As near as I can tell, this
should correspond to this
query:<br>
$ ldapsearch -x -D
cn=admin,ou=OpenStack,dc=acm,dc=jhu,dc=edu
-w [password] -b
dc=acm,dc=jhu,dc=edu
'(objectclass=inetOrgPerson)'
-s sub<br>
<br>
Which returns my aliased users
correctly. (that is, it
returns "dn:
uid=[uid],ou=People,dc=acm,dc=jhu,dc=edu"
for each user).<br>
<br>
I really can't figure out
whats going on here.
Logically, this should work,
but (obviously) doesn't.
Anyone have some advice for
me? My suspicion is that
query_scope=sub isn't doing
what I expect. (Returning
search results from within a
subtree)<br>
<br>
Oh, finally, I have DEREF
always enabled in ldap.conf.<br>
<br>
Thanks,<br>
Steve<br>
<br>
<br>
<br>
_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div></div></div>
</blockquote></div><br></div>