Thursday, 2014-11-27

*** david-lyle is now known as david-lyle_afk00:26
*** _cjones_ has quit IRC00:33
*** _cjones_ has joined #openstack-keystone00:36
crinklezigo: hmm, I think I'm either misunderstanding or I didn't communicate effectively - we're looking to consume python-openstackclient in the stackforge puppet modules, ideally without the user having to add a new repository, so my inquiry was about its status in the ubuntu standard package repositories or ubuntu cloud archive (and similarly for epel/rdo)00:45
crinkleit's great that we can use that package for development in the mean time though00:46
*** lhcheng has quit IRC00:46
*** lhcheng has joined #openstack-keystone00:47
zigocrinkle: I do *not* control whatever crap they do at Canonical ! :)00:50
crinklezigo: :)00:51
zigoI do my bugs only in Debian... :)00:51
zigocrinkle: You probably want to ask james page about that.00:51
*** lhcheng has quit IRC00:52
crinklezigo: does he have an irc nick?00:52
zigoYeah... jamespage ... :)00:52
crinklehow unexpected00:52
zigoOtherwise James Page <>00:53
crinkleawesome, thanks for your help!00:53
zigoBut he's currently logged on IRC (both OFTC and Freenode).00:53
zigocrinkle: No problem, and please do consider switching to Debian ! :)00:53
crinklezigo: haha, we're trying to support Debian + Ubuntu + RHEL :)00:54
crinklewill probably try to bug people after the holiday00:55
mgagnecrinkle: there is a list of packages available in Ubuntu Cloud Archive: and
crinklethat is useful00:56
mgagnecrinkle: unfortunately, python-openstackclient looks to not be packaged in UCA00:56
crinklehence my inquiry00:56
*** raildo_ has joined #openstack-keystone00:57
*** ekarlso- has quit IRC01:12
*** ekarlso- has joined #openstack-keystone01:13
*** diegows has quit IRC01:13
*** raildo_ has quit IRC01:26
*** henrynash has quit IRC01:29
*** henrynash has joined #openstack-keystone01:34
*** ChanServ sets mode: +v henrynash01:34
*** kobtea has joined #openstack-keystone01:34
*** NM has joined #openstack-keystone01:37
*** kobtea has quit IRC01:39
*** r-daneel has quit IRC01:47
*** NM has quit IRC01:57
*** _cjones_ has quit IRC01:58
*** tellesnobrega_ has quit IRC02:04
*** stevemar has joined #openstack-keystone02:11
*** ChanServ sets mode: +v stevemar02:11
*** fifieldt has joined #openstack-keystone02:13
*** htruta_ has quit IRC02:16
*** tellesnobrega_ has joined #openstack-keystone02:18
*** jorge_munoz has quit IRC02:18
*** erkules_ has joined #openstack-keystone02:27
*** erkules has quit IRC02:29
*** tellesnobrega_ has quit IRC02:29
*** tellesnobrega_ has joined #openstack-keystone02:44
*** saipandi has quit IRC02:48
*** KanagarajM has joined #openstack-keystone02:54
*** erkules_ is now known as erkules02:58
*** harlowja_ is now known as harlowja_away03:18
openstackgerritSteve Martinelli proposed openstack/keystone: Update docs to no longer show XML support
openstackgerritwanghong proposed openstack/keystone: move matching id check in policy update into controller
openstackgerritwanghong proposed openstack/keystone: move matching id check in policy update into controller
*** jdennis1 has quit IRC03:47
ayoungnkinder,  merged.  It twice got caught in a server migration issue, dropping it from Zuul.03:57
nkinderayoung: yep, I saw the notification04:00
nkinderayoung: nice to see that finally go through04:00
ayoungnkinder, I think we need to get more reviewers on the other puppet-keystone patches04:00
ayoungalso, Matt has an LDAP patch that is in merge conflict and has been sitting since August04:01
ayoungwant me to grab that?04:01
ayounger, Rich...not Matt04:02
ayoung  nkinder this one04:02
*** samuelms_ has joined #openstack-keystone04:06
*** samuelms has quit IRC04:09
openstackgerritayoung proposed openstack/keystone: better handling for empty/None ldap values
*** tellesnobrega_ has quit IRC04:27
*** oomichi_ has joined #openstack-keystone04:30
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Turn our auth plugin into a token interface
*** zzzeek has quit IRC04:37
*** stevemar has quit IRC04:39
openstackgerritJamie Lennox proposed openstack/python-keystoneclient: Fix importing config module and classmethod params
*** _cjones_ has joined #openstack-keystone04:59
*** _cjones_ has quit IRC05:04
*** kobtea has joined #openstack-keystone05:12
*** kobtea has quit IRC05:17
*** ajayaa has joined #openstack-keystone05:21
*** amakarov_away has quit IRC05:31
*** amakarov_away has joined #openstack-keystone05:31
*** Shohei has quit IRC05:35
*** Shohei has joined #openstack-keystone05:36
*** Shohei has quit IRC05:36
*** Shohei has joined #openstack-keystone05:37
openstackgerritMerged openstack/python-keystoneclient: Sync oslo-incubator to 1fc3cd47
*** _cjones_ has joined #openstack-keystone05:56
*** stevemar has joined #openstack-keystone06:03
*** ChanServ sets mode: +v stevemar06:03
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex
*** k4n0 has joined #openstack-keystone06:26
*** ukalifon1 has joined #openstack-keystone06:37
*** _cjones_ has quit IRC06:40
*** jamielennox is now known as jamielennox|away06:50
*** ekarlso- has quit IRC06:54
*** ekarlso- has joined #openstack-keystone06:54
openstackgerritSteve Martinelli proposed openstack/keystone: New stuff
ekarlso-stevemar: ^ not the best title i've seen :P07:41
openstackgerritSteve Martinelli proposed openstack/keystone: Add support for listing public idps
*** ukalifon1 has quit IRC07:47
openstackgerritMarcos Fermín Lobo proposed openstack/keystone: Implement group related methods for LDAP backend
*** stevemar has quit IRC07:56
*** henrynash has quit IRC07:59
*** henrynash has joined #openstack-keystone08:10
*** ChanServ sets mode: +v henrynash08:10
*** afazekas has joined #openstack-keystone08:19
*** oomichi_ has quit IRC08:24
*** kobtea has joined #openstack-keystone08:49
*** mzbik has joined #openstack-keystone08:52
mzbikAnyone alive here?08:54
*** kobtea has quit IRC08:54
mzbikHow can I pass filter like this (&(cn={0})(objectClass=groupOfUniqueNames)) in keystone with LDAP?08:55
mzbikexact question is: how to pass argument to that cn={0}?08:56
*** jistr has joined #openstack-keystone09:10
*** nellysmitt has joined #openstack-keystone09:14
*** xiaozhi_ has joined #openstack-keystone09:29
*** _cjones_ has joined #openstack-keystone09:41
*** _cjones_ has quit IRC09:45
*** tellesnobrega_ has joined #openstack-keystone10:15
*** henrynash has quit IRC10:24
*** tellesnobrega_ has quit IRC10:31
*** tellesnobrega_ has joined #openstack-keystone10:35
*** samuelms_ is now known as samuelms10:36
samuelmsmzbik, hi10:36
samuelmsmzbik, what do you'd like to do? filter users when calling list_users API?10:36
*** aix has joined #openstack-keystone10:37
*** tellesnobrega_ has quit IRC10:52
*** NM has joined #openstack-keystone10:52
*** fifieldt has quit IRC10:59
*** henrynash has joined #openstack-keystone11:08
*** ChanServ sets mode: +v henrynash11:08
mzbiksamuelms, rather I wanted to filter group name when listing groups11:13
mzbikI have huge LDAP11:13
mzbikI wanted to use /v3/groups?name=MyGroup&domain_id=123456 to filter only MyGroup11:14
mzbikin LDAP for that domain there are thousands of groups11:14
mzbikit too much for keystone (size exeeced)11:15
mzbikand I cant use page_size11:15
mzbikso I thout I could use that kind of filter to filter only one group without fetching all groups from LDAP11:17
*** NM has quit IRC11:30
*** NM has joined #openstack-keystone11:30
*** xiaozhi_ has quit IRC11:38
openstackgerritBoris Bobrov proposed openstack/python-keystoneclient: Add self-installation to venv deployment
*** henrynash has quit IRC11:48
*** aix has quit IRC11:55
samuelmsmzbik, why are you passing domain_id on your request?  /v3/groups?name=MyGroup&domain_id=12345611:58
samuelmsmzbik, one you have a token for that domain, you just need to query /v3/groups?name=MyGroup11:59
mzbiksamuelms, im affraid you are wrong12:00
mzbikit is obligatory if you have multibackend in keystone12:00
uvirtbotLaunchpad bug 1387379 in keystone "No documentation on the fact that List users/groups  require a domain to be specified in multi domain configuration" [Medium,In progress]12:00
mzbik"if domain-specific drivers are enabled then, as indicated above, you must specify a domain_id as par of the a GET /users or GET /groups call."12:01
samuelmsmzbik, so you're using this?12:03
samuelmsmzbik, you have multiple ldap connected instead of a single one as you said ..12:03
rodrigodsmzbik, you need to specify only if you don't have the domain_id in your token12:04
*** diegows has joined #openstack-keystone12:04
mzbikrodrigods, I have but it does not work, anyways clue is a bit different ;)12:05
*** diegows has quit IRC12:14
mzbiksamuelms, yes I have SQL backend for service users and LDAP for rest of users cause I have read-only LDAP and cannot change it.12:20
*** k4n0 has quit IRC12:26
samuelmsmzbik, ok .. I think ayoung is a good person to help you out .. he understand better how ldap things are implemented12:29
mzbikayoung, ping12:30
marekdmzbik: ^^ so you are now doomed :P12:30
mzbikAm I? :(12:30
mzbikerm... ayound is Adam Young?12:30
mzbikyes... Im doomed12:31
*** KanagarajM has quit IRC12:37
openstackgerritAndre Aranha proposed openstack/keystone-specs: Modify the policy file
*** kobtea has joined #openstack-keystone12:55
*** f13o_f13o has joined #openstack-keystone12:55
*** f13o_f13o has quit IRC12:55
*** kobtea has quit IRC12:59
*** aix has joined #openstack-keystone13:06
*** dims has joined #openstack-keystone13:20
*** dims_ has joined #openstack-keystone13:24
*** dims has quit IRC13:27
openstackgerritIlya Pekelny proposed openstack/keystone: Comparision of database models and migrations.
openstackgerritIlya Pekelny proposed openstack/keystone: Fix index name the assignment.actor_id table.
openstackgerritIlya Pekelny proposed openstack/keystone: Add primary key to the endpoint_group id column.
openstackgerritIlya Pekelny proposed openstack/keystone: Add index to the revocation_event.revoked_at.
openstackgerritIlya Pekelny proposed openstack/keystone: Migrate_repo init version helper
openstackgerritIlya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database
*** jaosorior has joined #openstack-keystone13:39
*** gordc has joined #openstack-keystone13:49
ajayaaHi. How does other openstack components check for project's existence in keystone, where project_id is used in the url.13:58
ayoungmzbik, it is thanksgiving here, and I am really not supposed to be doing work....13:59
ayoungI think you can filter on groups13:59
mzbikayoung, I will try to ping you after holidays then14:01
*** mzbik has quit IRC14:09
*** NM1 has joined #openstack-keystone14:29
*** NM has quit IRC14:31
*** ukalifon1 has joined #openstack-keystone14:39
*** _cjones_ has joined #openstack-keystone15:00
*** dims has joined #openstack-keystone15:05
*** dims_ has quit IRC15:09
*** stevemar has joined #openstack-keystone15:09
*** ChanServ sets mode: +v stevemar15:09
*** r-daneel has joined #openstack-keystone15:10
*** jdennis has joined #openstack-keystone15:23
*** NM1 has quit IRC15:28
marekdstevemar: if you make an apache configuration with <Location /v3/OS-FEDERATION/identity_providers/*/...>  you would need to *again* implement Discover service, something you want to do for Horizon already...15:29
marekdstevemar: so, you 'd go to horizon, choose idp of your choice, get redirected to Keystone, go again to similar page where you choose a IdP of your choice.15:29
marekdstevemar: hi, btw :-)15:31
stevemarmarekd, hello as well :)15:32
marekdmaybe the the alternative is to implement one endpoint, v3/OS-FEDERATION/websso15:33
marekdwhere a user is redirected always15:33
*** NM has joined #openstack-keystone15:33
marekdthen, he actually gets to the DS15:33
marekdwhich is completely separate from Keystone15:34
marekduser authenticates15:34
marekdgets back to /websso endpoint15:34
marekdand the right mapping is choosed basing on IdP identifier squeezed into saml assertion15:34
marekdthen, we would need to add entityId in the identity_provider objects, instead of is_public15:35
marekdlike here:
marekdyou know what i mean?15:41
*** ukalifon1 has quit IRC15:59
openstackgerritAlexander Makarov proposed openstack/keystone-specs: Trust redelegation documentation
*** stevemar has quit IRC16:27
*** _cjones_ has quit IRC16:28
*** kobtea has joined #openstack-keystone16:32
*** jaosorior has quit IRC16:33
*** kobtea has quit IRC16:37
*** _cjones_ has joined #openstack-keystone16:37
*** afazekas has quit IRC16:46
*** nellysmitt has quit IRC16:46
*** jdennis has quit IRC17:29
*** nellysmitt has joined #openstack-keystone17:31
*** ajayaa has quit IRC17:43
*** jistr has quit IRC17:50
*** diegows has joined #openstack-keystone17:52
*** mzbik has joined #openstack-keystone17:52
*** _cjones_ has quit IRC18:04
openstackgerritSergey Kraynev proposed openstack/python-keystoneclient: Using correct keyword for region in v3
*** _cjones_ has joined #openstack-keystone18:31
*** jaosorior has joined #openstack-keystone18:44
*** svasheka has quit IRC18:51
*** svasheka has joined #openstack-keystone18:51
*** stevemar has joined #openstack-keystone18:58
*** ChanServ sets mode: +v stevemar18:58
*** henrynash has joined #openstack-keystone19:05
*** ChanServ sets mode: +v henrynash19:05
*** aix has quit IRC19:15
*** dims has quit IRC19:27
openstackgerritAndre Aranha proposed openstack/keystone: Modify the policy v3 sample
openstackgerritAndre Aranha proposed openstack/keystone-specs: Modify the policy file
*** afaranha has left #openstack-keystone20:01
*** nellysmitt has quit IRC20:02
*** _cjones_ has quit IRC20:08
*** afaranha has joined #openstack-keystone20:09
*** kobtea has joined #openstack-keystone20:10
*** mzbik has quit IRC20:11
*** kobtea has quit IRC20:15
*** dims has joined #openstack-keystone20:27
*** mzbik has joined #openstack-keystone20:31
*** _cjones_ has joined #openstack-keystone20:34
*** mzbik_ has joined #openstack-keystone20:45
*** mzbik has quit IRC20:49
*** dims has quit IRC21:02
samuelmshenrynash, which one sounds better: '_list_applicable_assignments_TO_user_and_project' or '_list_applicable_assignments_FOR_user_and_project'?21:08
samuelmshenrynash, applicable should be direct + indirect assignments (from expansion)21:09
samuelmsdoes anyone know which one sounds better ?21:10
samuelmsI meant, which one is correct ? if both, then which one sounds better :p21:10
*** mzbik_ has quit IRC21:12
*** NM has quit IRC21:12
*** dims has joined #openstack-keystone21:14
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements
*** dims has quit IRC21:49
*** nellysmitt has joined #openstack-keystone22:03
*** nellysmitt has quit IRC22:07
*** samuelms_ has joined #openstack-keystone22:17
*** stevemar has quit IRC22:27
*** stevemar has joined #openstack-keystone22:29
*** ChanServ sets mode: +v stevemar22:29
*** lhcheng has joined #openstack-keystone22:40
*** stevemar has quit IRC22:54
*** gordc has quit IRC23:01
*** jamielennox|away is now known as jamielennox23:19
*** tellesnobrega_ has joined #openstack-keystone23:21
*** diegows has quit IRC23:21
*** jaosorior has quit IRC23:23
*** oomichi has joined #openstack-keystone23:43
*** dims has joined #openstack-keystone23:46
*** kobtea has joined #openstack-keystone23:47
*** kobtea has quit IRC23:52

Generated by 2.14.0 by Marius Gedminas - find it at!