Ask Your Question

Revision history [back]

Why do you think token revokation requires LDAP write privllages?  Tokens doesn't use LDAP. If you detect user/lock deletion  then you need to get the tokens issued for the user and  delete it.

Look at this file , line no 210 for the method delete_tokens_for_user

https://github.com/openstack/keystone/blob/master/keystone/token/core.py
Why do you think token revokation requires LDAP write privllages?  Tokens doesn't don't use LDAP. If you detect user/lock deletion  then you need to get the tokens issued for the user and  delete it.

Look at this file , line no 210 for the method delete_tokens_for_user

https://github.com/openstack/keystone/blob/master/keystone/token/core.py