Reviewed: https://review.openstack.org/605169 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cbcccb9ecadc37d45a66b87cd80e2fd7ee3de3f7 Submitter: Zuul Branch: master
commit cbcccb9ecadc37d45a66b87cd80e2fd7ee3de3f7 Author: Adam Young <[email protected]> Date: Tue Sep 25 14:17:28 2018 -0400 Replace UUID with id_generator for Federated users The LDAP code has long had a swappable backend to generate the user IDs that map from LDAP to SQL. THe Federated code was supposed to use the same mechanism, but it ended up generating a UUID for the userid instead. This is a backwards compatible change that converts the Federated UserIDs to a sha256 hash of the same 3 pieces of data that LDAP now uses: the domain_id, the unique ID from the Federated backend, and the entity type (User). This code is tested via tox -e py35 -- keystone.tests.unit.test_shadow_users Longer IDs show up in some of the Federation tests closes-bug: 1641639 Change-Id: Ica21c54c1fcc9b44e4935718c8903237d0857120 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1641639 Title: use mapping_id for shadow users Status in OpenStack Identity (keystone): Fix Released Bug description: Currently, shadow users are created for users that log in through federation. New "local_user" accounts are created with a new UUID. Rather than creating a new UUID, we should re-use the mapping_id backend that was employed with LDAP users. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1641639/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
