Makes the ldap backend return proper role metadata

The LDAP backend was not returning role metadata in the form of:

{ "roles": [ "<role_id>", "<role_id>" ] }

for user metadata on authentication, causing dash and command-line
tools to be unhappy.

Change-Id: Iccaea019ef1a0df708dc3a2cecc337b21cf382fc

AUTHORS

@@ -81,6 +81,7 @@ Ramana Juvvadi <ramana@venus.lekha.org>
 Ramana Juvvadi <rjuvvadi@hcl.com>
 Ramana Juvvadi <rrjuvvadi@gmail.com>
 Robin Norwood <robin.norwood@gmail.com>
+Ron Pedde <ron@pedde.com>
 root <root@bsirish.(none)>
 root <root@newapps.(none)>
 Russell Bryant <rbryant@redhat.com>

keystone/identity/backends/ldap/core.py

@@ -93,12 +93,12 @@ class Identity(identity.Driver):
             raise AssertionError('Invalid tenant')
 
         tenant_ref = self.get_tenant(tenant_id)
-        metadata_ref = {}
         # TODO(termie): this should probably be made into a get roles call
-        #if tenant_ref:
-        #    metadata_ref =  self.get_metadata(user_id, tenant_id)
-        #else:
-        #    metadata_ref = {}
+        if tenant_ref:
+            metadata_ref = self.get_metadata(user_id, tenant_id)
+        else:
+            metadata_ref = {}
+
         return  (_filter_user(user_ref), tenant_ref, metadata_ref)
 
     def get_tenant(self, tenant_id):
@@ -130,7 +130,9 @@ class Identity(identity.Driver):
             return {}
 
         metadata_ref = self.get_roles_for_user_and_tenant(user_id, tenant_id)
-        return metadata_ref or {}
+        if not metadata_ref:
+            return {}
+        return {'roles': metadata_ref}
 
     def get_role(self, role_id):
         return self.role.get(role_id)