On 05/07/2013 11:20 AM, Dolph Mathews wrote:
Apologies for the lack of attention on that review; getting that in today and proposed for backport is my highest priority. If we can hold 2013.1.1 for keystone until this is considered for backporting, that would be much appreciated!

I want to be clear though, this patch is cutting a feature (multi-domain support for LDAP/AD) from stable/grizzly rather than fixing it; while the feature technically works, it doesn't satisfy the use case it was intended to solve and results in unnecessary post-configuration setup for LDAP/AD deployments that may not be possible in the real world. Trying to backport a real "fix" would require backporting new features that are currently still in the blueprint phase for Havana.

We are looking at a different patch that will, I think preserve the feature while still fixing the problem.  THe developer is doing due dilligence to ensure that it is fixed:

https://review.openstack.org/#/c/27364/




-Dolph


On Tue, May 7, 2013 at 3:47 AM, Alan Pevec <apevec@gmail.com> wrote:
2013/5/6 Alan Pevec <apevec@gmail.com>:
> 2013/5/4 Adam Young <ayoung@redhat.com>:
>>> * Keystone, from Dolph: no patch yet, critical issue "blurring the
>>> line between bug fix and feature change"
>>>    https://bugs.launchpad.net/keystone/+bug/1175838
>> I'd hold out for this one.  LDAP is broken without it.
>
> Above bug was identified as a duplicate of
> https://bugs.launchpad.net/keystone/+bug/1168726
> and Dolph is working on a patch https://review.openstack.org/28197
> which hopefully will be ready for backporting soon.

Adam, Dolph - I don't see any progress on that review, what shall we
do with Keystone 2013.1.1 ?
We're supposed to release it in 2 days, do you want to skip this
update until the fix for default domain in LDAP is ready?

Cheers,
Alan