Apologies for the lack of attention on that review; getting that in today and proposed for backport is my highest priority. If we can hold 2013.1.1 for keystone until this is considered for backporting, that would be much appreciated! I want to be clear though, this patch is cutting a feature (multi-domain support for LDAP/AD) from stable/grizzly rather than fixing it; while the feature technically works, it doesn't satisfy the use case it was intended to solve and results in unnecessary post-configuration setup for LDAP/AD deployments that may not be possible in the real world. Trying to backport a real "fix" would require backporting new features that are currently still in the blueprint phase for Havana. -Dolph On Tue, May 7, 2013 at 3:47 AM, Alan Pevec <apevec@gmail.com> wrote:
2013/5/6 Alan Pevec <apevec@gmail.com>:
2013/5/4 Adam Young <ayoung@redhat.com>:
* Keystone, from Dolph: no patch yet, critical issue "blurring the line between bug fix and feature change" https://bugs.launchpad.net/keystone/+bug/1175838 I'd hold out for this one. LDAP is broken without it.
Above bug was identified as a duplicate of https://bugs.launchpad.net/keystone/+bug/1168726 and Dolph is working on a patch https://review.openstack.org/28197 which hopefully will be ready for backporting soon.
Adam, Dolph - I don't see any progress on that review, what shall we do with Keystone 2013.1.1 ? We're supposed to release it in 2 days, do you want to skip this update until the fix for default domain in LDAP is ready?
Cheers, Alan