Ask Your Question

Revision history [back]

Also when solving this, keep in mind that this may not be allowed by Keystone when you are configured with LDAP Identity driver. Within this configuration the setting the following two scenarios will fail: 1) keystone.conf setting for ldap: user_allow_create=False 2) The authenticated user from ldap does not have privilege in LDAP to create other users in ldap.

Ref: https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample

We are currently blocked by both of these scenarios. I'm not familiar with how to add use-case requirements into the blueprints and hope this helps to capture some needs for this fix.