Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Hello,

I tried something similar some time ago. If I remember it correctly, there is a configuration key that reverses the way openstack interprets the enabled field.

Looking at a part of https://docs.openstack.org/admin-guide/identity-integrate-with-ldap.html

 [ldap]
user_id_attribute      = cn
user_name_attribute    = sn
user_mail_attribute    = mail
user_pass_attribute    = userPassword
user_enabled_attribute = userAccountControl
user_enabled_mask      = 2
user_enabled_invert    = false
user_enabled_default   = 512
user_default_project_id_attribute =
user_additional_attribute_mapping =

group_id_attribute     = cn
group_name_attribute   = ou
group_member_attribute = member
group_desc_attribute   = description
group_additional_attribute_mapping =

try playing with the value of user_enabled_invert.

I quit my experience when I logged in with an ldap user but figured out I had no access to any projects. If you figure ou how to cross that bridge please tell me!