Thanks for the suggestion! However, I'm going to mark this as Won't Fix since I don't think this is within keystone's purview.
The reason we have auto-created projects for mapped users is because without it there is no way to create direct role assignments for those users since they don't exist before the first time they log in. For SQL or LDAP users, this isn't the case: SQL users exist in the database, and LDAP users can have their IDs generated in the database to allow admins to create role assignments on them. You could use a script or configuration management tool to manage creating projects for your users. You could also check out Adjutant which is good for workflow management problems like this: https://adjutant.readthedocs.io/en/latest/ ** Changed in: keystone Status: New => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1836872 Title: [RFE] Default project auto creation Status in OpenStack Identity (keystone): Won't Fix Bug description: I found 'mapped' plugin for federations has functionality that project is auto created for the logged user. I think it's quite reasonable to has similar functionality not only for federations but also for other identity plugins. For example, we has custom code in keystone to create so called 'personal default project' when the user was trying to login at first. I think we replace our custom codes if keystone can handle it. Thanks! To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1836872/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp