From 2c29d4ca4bd841823aa57e0cea7e97d5c2854581 Mon Sep 17 00:00:00 2001
From: Derek Yarnell <derek@umiacs.umd.edu>
Date: Mon, 10 Sep 2012 20:52:14 -0400
Subject: LDAP backend attribute fixes

R Boden and Adam Young assissted on this patch.

There are two issues with the TenantAPI for the ldap Identity.

There is a mistaken attribute_mapping entry, which was mapping
'description' into 'desc'. Per RFC 2256 there should be no need to map
this as the attribute as it is already 'description' in the LDAP
schema. I am not aware of any other schema that would use 'desc'
attribute for a 'groupOfNames' object.

Since there is no support (yet) for users, tenants or roles to be
enabled/disabled there needs to be a attribute_ignore set for the
'enabled' attribute.

Bug 980085

Change-Id: I40afa7a1345c45c119e699bf4fd4c99652f66c2f
---
 keystone/identity/backends/ldap/core.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'keystone/identity')

diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
index 5b32a679..03d3ab61 100644
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@@ -333,7 +333,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin):
     DEFAULT_OBJECTCLASS = 'inetOrgPerson'
     options_name = 'user'
     attribute_mapping = {'password': 'userPassword',
-                         #'email': 'mail',
+                         'email': 'mail',
                          'name': 'sn'}
 
     # NOTE(ayoung): The RFC based schemas don't have a way to indicate
@@ -341,7 +341,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin):
     # be part of any objectclass.
     # in the future, we need to provide a way for the end user to
     # indicate the field to use and what it indicates
-    attribute_ignore = ['tenant_id', 'enabled', 'tenants']
+    attribute_ignore = ['tenantId', 'enabled', 'tenants']
     model = models.User
 
     def __init__(self, conf):
@@ -466,7 +466,8 @@ class TenantApi(common_ldap.BaseLdap, ApiShimMixin):
     DEFAULT_ID_ATTR = 'cn'
     DEFAULT_MEMBER_ATTRIBUTE = 'member'
     options_name = 'tenant'
-    attribute_mapping = {'description': 'desc', 'name': 'ou'}
+    attribute_mapping = {'name': 'ou', 'tenantId': 'cn'}
+    attribute_ignore = ['enabled']
     model = models.Tenant
 
     def __init__(self, conf):
-- 
cgit