Revision history [back]

click to hide/show revision 1
initial version

Revoke tokens for user disabled in LDAP

If Keystone is set up with LDAP back-end and does not have write access to it, is there a way to invalidate tokens upon user lock/deletion in LDAP? From my observation all operations that would cause existing user tokens to be revoked require write rights to LDAP back-end.

Is there any existing solution?