Support non-default role_id_attribute

As is, a default value of 'cn' is hardcoded as the attribute name (which
also happens to be the default value in keystone.config) used for role
grants, revokes, etc.

Change-Id: Ic36e6d726e2dc48714703c2dd7a433f3d34b78b1
This commit is contained in:
Dolph Mathews 2012-12-12 15:01:04 -06:00
parent 6397580a52
commit 5b3a74d56a

View File

@ -668,7 +668,8 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
if tenant_id is None:
return self._id_to_dn(role_id)
else:
return 'cn=%s,%s' % (ldap.dn.escape_dn_chars(role_id),
return '%s=%s,%s' % (self.id_attr,
ldap.dn.escape_dn_chars(role_id),
self.tenant_api._id_to_dn(tenant_id))
def get(self, id, filter=None):