Hi Colleen,

At least Rocky is affected too.

The issue is posixGroup is not a list of DNs (unlike groupOfNames, the default, which is) but IDs - the listing code already took that into account (by group_members_are_ids being on), the emulation code did not.
It does not make sense for the two to behave differently when you ask them to behave the same (by user_enabled_emulation_use_group_config being on).

Kind regards,
Radek

On Fri, 9 Aug 2019 at 02:31, Colleen Murphy <colleen@gazlene.net> wrote:
Hi Radosław,

On Tue, Aug 6, 2019, at 04:13, Radosław Piliszek wrote:
> Hello all,
>
> I investigated the case.
> My issue arises from group_members_are_ids ignored for
> user_enabled_emulation_use_group_config.
> I reported a bug in keystone:
> https://bugs.launchpad.net/keystone/+bug/1839133
> and will submit a patch.
> Hopefully it helps someone else as well.
>
> Kind regards,
> Radek

Thanks for the bug report and the patch. I've added the [ops] tag to the subject line of this thread because I'm curious how many other people have tried to use the user_enabled_emulation feature and whether anyone else has run into this problem.

I'm seeing similar behavior even when using the groupOfNames objectclass and not using group_members_are_ids, so I'm hesitant to add conditionals based on that configuration.

Have you tried this on any other versions of keystone besides Stein?

Colleen

>
> On Sat, 3 Aug 2019 at 20:56, Radosław Piliszek
> <radoslaw.piliszek@gmail.com> wrote:
> > Hello all,
> >
> > I have an issue using user_enabled_emulation with my LDAP solution.
> >
> > I set:
> > user_tree_dn = ou=Users,o=UCO
> > user_objectclass = inetOrgPerson
> > user_id_attribute = uid
> > user_name_attribute = uid
> > user_enabled_emulation = true
> > user_enabled_emulation_dn = cn=Users,ou=Groups,o=UCO
> > user_enabled_emulation_use_group_config = true
> > group_tree_dn = ou=Groups,o=UCO
> > group_objectclass = posixGroup
> > group_id_attribute = cn
> > group_name_attribute = cn
> > group_member_attribute = memberUid
> > group_members_are_ids = true
> >
> > Keystone properly lists members of the Users group but they all remain disabled.
> > Did I misinterpret something?
> >
> > Kind regards,
> > Radek
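
The DN-versus-ID mismatch described at the top of this thread, as an added illustration that is not part of the thread and is not keystone's code. The directory entries, the user `alice` and all helper names are constructed; only the attribute names and DNs mirror the posted configuration.

```python
# Added illustration, not keystone code. Entries and helper names are constructed.
USER_DN = "uid=alice,ou=Users,o=UCO"
USER_ID = "alice"

# groupOfNames lists members as full DNs; posixGroup lists bare user IDs.
GROUP_OF_NAMES = {"cn": ["Users"], "member": [USER_DN]}
POSIX_GROUP = {"cn": ["Users"], "memberUid": ["alice", "bob"]}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so the value is matched literally."""
    out = value.replace("\\", "\\5c")
    for ch, esc in (("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\0", "\\00")):
        out = out.replace(ch, esc)
    return out


def member_value(user_dn, user_id, members_are_ids):
    """Value expected in the group's member attribute for this user."""
    return user_id if members_are_ids else user_dn


def membership_filter(user_dn, user_id, member_attr, members_are_ids):
    """Search filter asking whether the user is listed in the emulation group."""
    value = member_value(user_dn, user_id, members_are_ids)
    return "(%s=%s)" % (member_attr, escape_filter_value(value))


def is_enabled(group_entry, user_dn, user_id, member_attr, members_are_ids):
    """Emulated 'enabled' flag: True when the user is listed in the group."""
    wanted = member_value(user_dn, user_id, members_are_ids)
    return wanted in group_entry.get(member_attr, [])


if __name__ == "__main__":
    # DN lookup against posixGroup: no match, so the user appears disabled.
    print(membership_filter(USER_DN, USER_ID, "memberUid", False),
          is_enabled(POSIX_GROUP, USER_DN, USER_ID, "memberUid", False))
    # ID lookup against posixGroup: match, so the user appears enabled.
    print(membership_filter(USER_DN, USER_ID, "memberUid", True),
          is_enabled(POSIX_GROUP, USER_DN, USER_ID, "memberUid", True))
```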