openstack
/
keystone
Code Issues Proposed changes
keystone/keystone/identity
History
Adam Young 08ff2a4dba Support nested groups in Active Directory 
Active Directory has a very specific mechanism to
handle nested groups.  LDAP queries need to look like this:

"(&(objectClass=group)
   (member=member:1.2.840.113556.1.4.1941:=CN=nwalnut,OU=Users,DC=EXAMPLE,DC=COM))"

If a deployment is using nested groups, three queries need to be
modified to support it:

  - list users in a group
  - list groups for a user
  - check if a user is in a group

Since all three are necessary, a single configuration value ensures
that the change is synchronized across all three calls.

(cherry picked from e8e56dc7c1)

Closed-Bug: #1638603
Change-Id: Ia66f81f86d7c43fbc5ba7f18ada91c77d047f7a2
 		2016-11-11 03:06:46 +00:00
..
backends Support nested groups in Active Directory 2016-11-11 03:06:46 +00:00
id_generators Replace six iteration methods with standard ones 2016-09-08 18:56:31 +08:00
mapping_backends Prevent error when duplicate mapping is created 2016-07-18 12:38:48 +03:00
shadow_backends Shadowing a nonlocal_user incorrectly creates a local_user 2016-08-20 02:57:25 +00:00
__init__.py Remove exposure of routers at package level 2015-12-03 15:06:56 -03:00
controllers.py Add schema validation to create user v2 2016-08-04 19:33:17 +00:00
core.py Distributed cache namespace to invalidate regions 2016-08-29 16:38:55 +00:00
generator.py Replace keystone.common.config with keystone.conf package 2016-06-24 17:02:15 +00:00
routers.py Implement HEAD method for all v3 GET actions 2016-03-22 10:27:53 -07:00
schema.py Fix some typos in comments 2016-08-26 12:17:00 +02:00