ldap: fix config option docs for *_tree_dn

The user_tree_dn and group_tree_dn configurations claim that they use the value for prefix as-is, when they don't, as they get DEFAULT_OU appended[1] which is different depending on the resource[2][3]. To all the future people who will save countless hours, you're all welcome <3 [1]: 4530041931/keystone/identity/backends/ldap/common.py (L1148) [2]: 4530041931/keystone/identity/backends/ldap/core.py (L236) [3]: 4530041931/keystone/identity/backends/ldap/core.py (L357) Change-Id: Id14bc7d9770188c242f809752624f683fe3a6d7b
2020-06-10 13:17:36 -04:00 · 2020-06-10 13:17:36 -04:00 · f51c06eb09
parent c27c9d258d
commit f51c06eb09
1 changed files with 4 additions and 2 deletions
--- a/keystone/conf/ldap.py
+++ b/keystone/conf/ldap.py
@ -102,7 +102,8 @@ unset, the system's default behavior will be used.
 user_tree_dn = cfg.StrOpt(
    'user_tree_dn',
    help=utils.fmt("""
-The search base to use for users. Defaults to the `[ldap] suffix` value.
+The search base to use for users. Defaults to `ou=Users` with the `[ldap]
+suffix` appended to it.
 """))

 user_filter = cfg.StrOpt(
@ -257,7 +258,8 @@ API.
 group_tree_dn = cfg.StrOpt(
    'group_tree_dn',
    help=utils.fmt("""
-The search base to use for groups. Defaults to the `[ldap] suffix` value.
+The search base to use for groups. Defaults to `ou=UserGroups` with the `[ldap]
+suffix` appended to it.
 """))

 group_filter = cfg.StrOpt(