Support non-default role_id_attribute
As is, a default value of 'cn' is hardcoded as the attribute name (which also happens to be the default value in keystone.config) used for role grants, revokes, etc. Change-Id: Ic36e6d726e2dc48714703c2dd7a433f3d34b78b1
This commit is contained in:
parent
6397580a52
commit
5b3a74d56a
@ -668,7 +668,8 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
if tenant_id is None:
|
||||
return self._id_to_dn(role_id)
|
||||
else:
|
||||
return 'cn=%s,%s' % (ldap.dn.escape_dn_chars(role_id),
|
||||
return '%s=%s,%s' % (self.id_attr,
|
||||
ldap.dn.escape_dn_chars(role_id),
|
||||
self.tenant_api._id_to_dn(tenant_id))
|
||||
|
||||
def get(self, id, filter=None):
|
||||
|
Loading…
x
Reference in New Issue
Block a user