LDAP multiple user_tree_dn

Hi there

I have managed to get LDAP authentication working (Active Directory specifically) but I am having a bit of trouble with the layout. I am using the SUSE Cloud Hybrid Identity driver (https://github.com/SUSE-Cloud/keystone-hybrid-backend/tree/kilo).

The problem is that the users in the Directory are spread out over a number of OUs and I cannot get all of them in the user_tree_dn. If I don't set a user_tree_dn or I set the dn to one level I don't get any users listed. This is a production Active Directory so changing everything around to suit OpenStack isn't really possible.

Is there any way of specifying multiple user_tree_dns or an option to write my own LDAP query?

Thanks in advance for any help.

Hello, did you manage to solve this somehow? I'm having the same issue. Thanks!

Petar Koraca ( 2016-08-31 07:25:38 -0500 )

Petar, I'm afraid not directly. I stopped using LDAP so it's not an issue for me anymore.

humankind135 ( 2016-10-21 04:21:16 -0500 )

If I remember correctly, the issue was that the AD response was restricted to something like 1000 records (less than the no. of our users). We solved it with a user filter.

Petar Koraca ( 2016-11-03 14:11:26 -0500 )

It happened again to us, since the filtered query went above 1000. If an additional query filter is not an option, you can increase MaxPageSize on Active Directory.

Petar Koraca ( 2016-12-20 08:26:21 -0500 )