Why does keystone use 'sn' instead 'cn' or 'local_id' when integrated with Active Directory ?

Solution In Progress - Updated -

Issue

  • Keystone lists user's Name as 'sn' value instead of 'cn' value from Active Directory .
  • Keystone does not list 'local_id' attribue value in keystone.id_mapping table as Name for users .
  • Active Directory user names are listed by Surnames with following keystone configuration :
[ldap]
user_tree_dn=ou=production,ou=people,ou=ORG,DC=example,DC=com
user_objectclass=person
user_id_attribute-cn
user_name_attribute=cn
user_mail_attribute=mail

Environment

Red Hat OpenStack

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In