Support non-default role_id_attribute

As is, a default value of 'cn' is hardcoded as the attribute name (which also happens to be the default value in keystone.config) used for role grants, revokes, etc. Change-Id: Ic36e6d726e2dc48714703c2dd7a433f3d34b78b1
2012-12-12 15:01:04 -06:00 · 2012-12-12 15:01:04 -06:00 · 5b3a74d56a
commit 5b3a74d56a
parent 6397580a52
1 changed files with 2 additions and 1 deletions
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@ -668,7 +668,8 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
        if tenant_id is None:
            return self._id_to_dn(role_id)
        else:
-            return 'cn=%s,%s' % (ldap.dn.escape_dn_chars(role_id),
+            return '%s=%s,%s' % (self.id_attr,
+                                 ldap.dn.escape_dn_chars(role_id),
                                 self.tenant_api._id_to_dn(tenant_id))

    def get(self, id, filter=None):