From 5b3a74d56a376afed64dd2515c4aa59995187433 Mon Sep 17 00:00:00 2001
From: Dolph Mathews
Date: Wed, 12 Dec 2012 15:01:04 -0600
Subject: [PATCH] Support non-default role_id_attribute

As is, a default value of 'cn' is hardcoded as the attribute name (which also happens to be the default value in keystone.config) used for role grants, revokes, etc.

Change-Id: Ic36e6d726e2dc48714703c2dd7a433f3d34b78b1
---
 keystone/identity/backends/ldap/core.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
index bdff67260b..ebf5eb2f85 100644
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@@ -668,7 +668,8 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
 if tenant_id is None:
 return self._id_to_dn(role_id)
 else:
- return 'cn=%s,%s' % (ldap.dn.escape_dn_chars(role_id),
+ return '%s=%s,%s' % (self.id_attr,
+ ldap.dn.escape_dn_chars(role_id),
 self.tenant_api._id_to_dn(tenant_id))

 def get(self, id, filter=None):
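Review bot: In the `else` branch, `self.id_attr` is formatted into the DN unescaped while only `role_id` passes through `ldap.dn.escape_dn_chars`, so the DN is well-formed only if the configured attribute name is a plain LDAP attribute type. That is reasonable if, as the commit message suggests, the value comes from the operator-set role_id_attribute option, but the return deserves a comment such as `# id_attr is operator config, not request data; role_id is the only caller-supplied part and stays escaped`. The diffstat shows only core.py changed, so nothing exercises a non-default attribute name; a test that sets it to something other than `cn` and checks the tenant-scoped DN would pin the fix. The enclosing method starts above the hunk, so whether other role lookups in this class still assume `cn` cannot be confirmed from here.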