From 8e88083bbca2af94b541dec7d73e9fd85490fd44 Mon Sep 17 00:00:00 2001
From: Lance Bragstad <lbragstad@gmail.com>
Date: Tue, 19 Nov 2019 14:26:39 -0600
Subject: [PATCH] Remove configuration options for ldap write support

Keystone removed LDAP write support in Ocata. Prior to that it was
deprecated for several releases.

To minimize confusion, we should remove these configuration options
from the domain-specific backend environment. They're silently ignored
by keystone and give the impression that the functionality still
exists.

This helps keep our keystone configuration clean and up-to-date.

Relevant release notes that advertised this removal:

  https://docs.openstack.org/releasenotes/keystone/ocata.html#relnotes-11-0-0-origin-stable-ocata-other-notes

Change-Id: I24660e34370820d6dc943e1b82a602e40305d5f4
---
 .../services/keystone_domain_specific_ldap_backend.yaml        | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/environments/services/keystone_domain_specific_ldap_backend.yaml b/environments/services/keystone_domain_specific_ldap_backend.yaml
index 3cc9c7b745..da9670ac6f 100644
--- a/environments/services/keystone_domain_specific_ldap_backend.yaml
+++ b/environments/services/keystone_domain_specific_ldap_backend.yaml
@@ -13,6 +13,3 @@ parameter_defaults:
       user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=tripleo,dc=example,dc=com)"
       user_objectclass: person
       user_id_attribute: cn
-      user_allow_create: false
-      user_allow_update: false
-      user_allow_delete: false