This is working as designed for keystone. I think this is more of an openstackclient bug -- openstackclient should support the filters that are available for user and group list (since it makes LDAP much more user friendly), these filters are both domain_id and name.
See the keystone v3 API: http://specs.openstack.org/openstack/keystone- specs/api/v3/identity-api-v3.html#list-groups openstackclient should have support for something like ... `openstack group list --domain ldapdomain --name testers` should return all groups with "testers" ** Also affects: python-openstackclient Importance: Undecided Status: New ** Changed in: python-openstackclient Status: New => Triaged ** Changed in: python-openstackclient Importance: Undecided => Medium ** Changed in: keystone Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1498569 Title: group_filter not working Status in OpenStack Identity (keystone): Won't Fix Status in python-openstackclient: Triaged Bug description: keystone 2014.2.2 using multi domains with one domain in AD ldap group_filter does not work user_filer (|(memberof=CN=group1....)(memberof=CN=group2.....)) works as expected, whereas group_filter (|(CN=group1...)(CN=group2...)) returns no groups in id_mapping table. openstack group list --domain ldapdomain (nothing is returned) so we have to take all the groups in the group_tree_dn we can have thousands of groups in a directory and we don't want to take them all. especially if we are binding to a global schema and searching for openstack users in multiple sites. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1498569/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
