Hi There

I have managed to get LDAP authentication working (Active Directory specifically) but I am having a bit of trouble with the layout. I am using the SUSE Cloud Hybrid Identity driver (https://github.com/SUSE-Cloud/keystone-hybrid-backend/tree/kilo).

The problem is that the users in the Directory are spread out over a number of OUs and I cannot get all of them in the user_tree_dn. If I don't set a user_tree_dn or I set the dn to one level I don't get any users listed. This is a production Active Directory so changing everything around to suit OpenStack isn't really possible.

Is there any way of specifying multiple user_tree_dn values or an option to write my own LDAP query?

Thanks in advance for any help.

Hello, did you manage to solve this somehow? I'm having the same issue. Thanks!

Petar, I'm afraid not directly. I stopped using LDAP, so it's not an issue for me anymore.

If I remember correctly, the issue was that the AD response was restricted to something like 1000 records (less than the number of our users). We solved it with a user filter.

Petar Koraca (2016-11-03 14:11:26 -0600)

It happened to us again, since the filtered query went above 1000. If an additional query filter is not an option, you can increase MaxPageSize on Active Directory.

Petar Koraca (2016-12-20 08:26:21 -0600)
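
The approach described in the comments above (one search base, a user filter, and staying under the roughly 1000-record limit), written out as a keystone.conf `[ldap]` fragment. This is an added example, not configuration posted by anyone in the thread: the host, DNs and group name are constructed placeholders, and it assumes the hybrid driver honours the standard Keystone `[ldap]` options (`query_scope`, `user_filter`, `page_size`).

```ini
# keystone.conf -- added example; host, DNs and group name are constructed placeholders.
[ldap]
url = ldaps://ad.example.com
suffix = DC=example,DC=com

# user_tree_dn takes a single DN, so point it at the closest common
# ancestor of the OUs that hold users ...
user_tree_dn = OU=Corp,DC=example,DC=com
# ... and search the whole subtree below it rather than one level.
query_scope = sub

user_objectclass = person
user_id_attribute = cn
user_name_attribute = sAMAccountName

# Narrow the result set on the server to the accounts that should be
# visible to OpenStack, here by membership of one (placeholder) group.
# This also keeps service and admin accounts in other OUs out of Keystone.
user_filter = (memberOf=CN=openstack-users,OU=Groups,DC=example,DC=com)

# Ask for paged results so that each response stays below the directory's
# per-page limit (MaxPageSize, about 1000 per the thread). 0 disables paging.
page_size = 500
```

A filter that admits only the intended group is preferable to raising MaxPageSize on a production directory, since the limit applies to every LDAP client of that domain controller, not just Keystone.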