)]}'
{"src/config.yaml":[{"author":{"_account_id":14567,"name":"Rodrigo Barbieri","email":"rodrigo.barbieri2010@gmail.com","username":"ganso"},"change_message_id":"9b4015f0e8e8045ce1251cc4a83a10e08e7a9ed0","unresolved":false,"context_lines":[{"line_number":71,"context_line":"  ldap-user-filter:"},{"line_number":72,"context_line":"    type: string"},{"line_number":73,"context_line":"    default: (memberof\u003dcn\u003dopenstack_group,ou\u003dgroups,dc\u003dexample,dc\u003dcom)"},{"line_number":74,"context_line":"    description:"},{"line_number":75,"context_line":"      This option sets the LDAP search filter to use for the users."},{"line_number":76,"context_line":"  ldap-user-objectclass:"},{"line_number":77,"context_line":"    type: string"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"9f560f44_6d6c549c","line":74,"updated":"2020-09-02 14:12:44.000000000","message":"missing |","commit_id":"93a103b4c6f14b36cf38364ec7cf292f20362fc7"},{"author":{"_account_id":10366,"name":"Hemanth N","email":"hemanth.nakkina@canonical.com","username":"Hemanth"},"change_message_id":"fb4231dbc5424f28df0f266aeda0f604768848a9","unresolved":false,"context_lines":[{"line_number":71,"context_line":"  ldap-user-filter:"},{"line_number":72,"context_line":"    type: string"},{"line_number":73,"context_line":"    default: (memberof\u003dcn\u003dopenstack_group,ou\u003dgroups,dc\u003dexample,dc\u003dcom)"},{"line_number":74,"context_line":"    description:"},{"line_number":75,"context_line":"      This option sets the LDAP search filter to use for the users."},{"line_number":76,"context_line":"  ldap-user-objectclass:"},{"line_number":77,"context_line":"    type: string"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"9f560f44_465ffc4c","line":74,"in_reply_to":"9f560f44_6d6c549c","updated":"2020-09-14 10:59:50.000000000","message":"Done","commit_id":"93a103b4c6f14b36cf38364ec7cf292f20362fc7"},{"author":{"_account_id":14567,"name":"Rodrigo Barbieri","email":"rodrigo.barbieri2010@gmail.com","username":"ganso"},"change_message_id":"9b4015f0e8e8045ce1251cc4a83a10e08e7a9ed0","unresolved":false,"context_lines":[{"line_number":108,"context_line":"      Bitmask integer to select which bit indicates the enabled value if"},{"line_number":109,"context_line":"      the LDAP server represents enabled as a bit on an integer rather"},{"line_number":110,"context_line":"      than as a discrete boolean. If the option is set to 0, the mask is"},{"line_number":111,"context_line":"      not used. If the option is not set, it defaults to 2. This option"},{"line_number":112,"context_line":"      is typically used when ldap-user-enabled-attribute is set to"},{"line_number":113,"context_line":"      \u0027userAccessControl\u0027."},{"line_number":114,"context_line":"  ldap-user-enabled-default:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"9f560f44_8da288ac","line":111,"range":{"start_line":111,"start_character":16,"end_line":111,"end_character":58},"updated":"2020-09-02 14:12:44.000000000","message":"shouldn\u0027t the default be 2 then ?","commit_id":"93a103b4c6f14b36cf38364ec7cf292f20362fc7"},{"author":{"_account_id":10366,"name":"Hemanth N","email":"hemanth.nakkina@canonical.com","username":"Hemanth"},"change_message_id":"fb4231dbc5424f28df0f266aeda0f604768848a9","unresolved":false,"context_lines":[{"line_number":108,"context_line":"      Bitmask integer to select which bit indicates the enabled value if"},{"line_number":109,"context_line":"      the LDAP server represents enabled as a bit on an integer rather"},{"line_number":110,"context_line":"      than as a discrete boolean. If the option is set to 0, the mask is"},{"line_number":111,"context_line":"      not used. If the option is not set, it defaults to 2. This option"},{"line_number":112,"context_line":"      is typically used when ldap-user-enabled-attribute is set to"},{"line_number":113,"context_line":"      \u0027userAccessControl\u0027."},{"line_number":114,"context_line":"  ldap-user-enabled-default:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"9f560f44_a6589857","line":111,"range":{"start_line":111,"start_character":16,"end_line":111,"end_character":58},"in_reply_to":"9f560f44_8da288ac","updated":"2020-09-14 10:59:50.000000000","message":"The statement which is mentioned is wrong. Removed the sentence to avoid ambiguity. \nAs per keystone-ldap documentation \"If this is not set\nto `0` the typical value is `2`.\" \nSo typically it is 2 but not default.","commit_id":"93a103b4c6f14b36cf38364ec7cf292f20362fc7"},{"author":{"_account_id":14567,"name":"Rodrigo Barbieri","email":"rodrigo.barbieri2010@gmail.com","username":"ganso"},"change_message_id":"9b4015f0e8e8045ce1251cc4a83a10e08e7a9ed0","unresolved":false,"context_lines":[{"line_number":115,"context_line":"    type: string"},{"line_number":116,"context_line":"    default:"},{"line_number":117,"context_line":"    description: |"},{"line_number":118,"context_line":"      The default value to enable users. This should match an appropriate"},{"line_number":119,"context_line":"      integer value if the LDAP server uses non-boolean (bitmask) values to"},{"line_number":120,"context_line":"      indicate if a user is enabled or disabled. If this is not set to True,"},{"line_number":121,"context_line":"      then the typical value is 512. This is typically used when"},{"line_number":122,"context_line":"      ldap-user-enabled-attribute is set to \u0027userAccountControl\u0027."},{"line_number":123,"context_line":"  ldap-user-enabled-emulation:"},{"line_number":124,"context_line":"    type: boolean"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"9f560f44_8d2f283d","line":121,"range":{"start_line":118,"start_character":41,"end_line":121,"end_character":36},"updated":"2020-09-02 14:12:44.000000000","message":"this is a bit confusing, the type is string, but the value can be integer or True at the same time. Any way to avoid this? Isn\u0027t the integer part the value that is set in \"ldap-user-enabled-mask\" ?","commit_id":"93a103b4c6f14b36cf38364ec7cf292f20362fc7"},{"author":{"_account_id":10366,"name":"Hemanth N","email":"hemanth.nakkina@canonical.com","username":"Hemanth"},"change_message_id":"fb4231dbc5424f28df0f266aeda0f604768848a9","unresolved":false,"context_lines":[{"line_number":115,"context_line":"    type: string"},{"line_number":116,"context_line":"    default:"},{"line_number":117,"context_line":"    description: |"},{"line_number":118,"context_line":"      The default value to enable users. This should match an appropriate"},{"line_number":119,"context_line":"      integer value if the LDAP server uses non-boolean (bitmask) values to"},{"line_number":120,"context_line":"      indicate if a user is enabled or disabled. If this is not set to True,"},{"line_number":121,"context_line":"      then the typical value is 512. This is typically used when"},{"line_number":122,"context_line":"      ldap-user-enabled-attribute is set to \u0027userAccountControl\u0027."},{"line_number":123,"context_line":"  ldap-user-enabled-emulation:"},{"line_number":124,"context_line":"    type: boolean"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"9f560f44_e6529035","line":121,"range":{"start_line":118,"start_character":41,"end_line":121,"end_character":36},"in_reply_to":"9f560f44_8d2f283d","updated":"2020-09-14 10:59:50.000000000","message":"Modified the description to make it more sense. So the option is of type string which accepts \u0027True\u0027 or integer in string format.","commit_id":"93a103b4c6f14b36cf38364ec7cf292f20362fc7"},{"author":{"_account_id":14567,"name":"Rodrigo Barbieri","email":"rodrigo.barbieri2010@gmail.com","username":"ganso"},"change_message_id":"55f6dde629a58901bf2b40dc2984d75adb1f85cd","unresolved":false,"context_lines":[{"line_number":112,"context_line":"      is set to \u0027userAccessControl\u0027."},{"line_number":113,"context_line":"  ldap-user-enabled-default:"},{"line_number":114,"context_line":"    type: string"},{"line_number":115,"context_line":"    default: \u0027True\u0027"},{"line_number":116,"context_line":"    description: |"},{"line_number":117,"context_line":"      The default value to enable users. This should match an appropriate"},{"line_number":118,"context_line":"      integer value if the LDAP server uses non-boolean (bitmask) values to"},{"line_number":119,"context_line":"      indicate if a user is enabled or disabled. Please note the integer value"},{"line_number":120,"context_line":"      should be specified as a string in quotes. This option is typically used"},{"line_number":121,"context_line":"      when ldap-user-enabled-attribute is set to \u0027userAccountControl\u0027."},{"line_number":122,"context_line":"  ldap-user-enabled-emulation:"},{"line_number":123,"context_line":"    type: boolean"},{"line_number":124,"context_line":"    default: False"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"9f560f44_f6b19946","line":121,"range":{"start_line":115,"start_character":4,"end_line":121,"end_character":70},"updated":"2020-09-14 14:44:21.000000000","message":"I still think this is not very clear as written (unless I am missing something). What I see is:\n\n- Integer if the LDAP server uses non-boolean (bitmask) values to indicate if a user is enabled or disabled \u003c\u003d\u003d this is clear, but how is this determined? based on which other config option? would be clearer to mention the other config here. Based on other docs I found online, it seems to be ldap-user-enabled-mask. If it is ommitted (or unset, as it is by default), then the True/False values are accepted, otherwise the interger is accepted. I believe it would be clearer if written as \"... uses non-boolean (bitmask) values (where config ldap-user-enabled-mask is set) to indicate ...\".\n\n- True/False otherwise \u003c\u003d\u003d This can be deducted by the fact the default value is \"True\", but considering the type is string and the message says \"This should match an appropriate integer...\". Would be clearer to include \"... enabled or disabled, otherwise valid values are \u0027True\u0027 or \u0027False\u0027. Please note ...\"","commit_id":"dfcf49a03372038bddd57de619fd233111c38a05"},{"author":{"_account_id":6737,"name":"Edward Hope-Morley","email":"edward.hope-morley@canonical.com","username":"hopem"},"change_message_id":"52cd39c7e540c19780e12f0a00b1c47037d9111a","unresolved":false,"context_lines":[{"line_number":112,"context_line":"      is set to \u0027userAccessControl\u0027."},{"line_number":113,"context_line":"  ldap-user-enabled-default:"},{"line_number":114,"context_line":"    type: string"},{"line_number":115,"context_line":"    default: \u0027True\u0027"},{"line_number":116,"context_line":"    description: |"},{"line_number":117,"context_line":"      The default value to enable users. This should match an appropriate"},{"line_number":118,"context_line":"      integer value if the LDAP server uses non-boolean (bitmask) values to"},{"line_number":119,"context_line":"      indicate if a user is enabled or disabled. Please note the integer value"},{"line_number":120,"context_line":"      should be specified as a string in quotes. This option is typically used"},{"line_number":121,"context_line":"      when ldap-user-enabled-attribute is set to \u0027userAccountControl\u0027."},{"line_number":122,"context_line":"  ldap-user-enabled-emulation:"},{"line_number":123,"context_line":"    type: boolean"},{"line_number":124,"context_line":"    default: False"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"9f560f44_fb764ba3","line":121,"range":{"start_line":115,"start_character":4,"end_line":121,"end_character":70},"in_reply_to":"9f560f44_f6b19946","updated":"2020-09-18 09:46:02.000000000","message":"I admit it is confusing but it is also mirroring what upstream says [1]. Since this is parity with upstream and causes no change in behaviour I\u0027m ok to allow as is. If we think we can reword to make more sense than upstream that\u0027s fine too.\n\n[1] https://github.com/openstack/keystone/blob/db25e505a30b10ed8a2a66c4674e20130dd5d5e0/keystone/conf/ldap.py#L194","commit_id":"dfcf49a03372038bddd57de619fd233111c38a05"},{"author":{"_account_id":30561,"name":"Peter Matulis","email":"peter.matulis@canonical.com","username":"pmatulis"},"change_message_id":"3a0f15d723b4d3137e8c71765f14f46dd9ac7ec0","unresolved":false,"context_lines":[{"line_number":112,"context_line":"      is set to \u0027userAccessControl\u0027."},{"line_number":113,"context_line":"  ldap-user-enabled-default:"},{"line_number":114,"context_line":"    type: string"},{"line_number":115,"context_line":"    default: \u0027True\u0027"},{"line_number":116,"context_line":"    description: |"},{"line_number":117,"context_line":"      The default value to enable users. This should match an appropriate"},{"line_number":118,"context_line":"      integer value if the LDAP server uses non-boolean (bitmask) values to"},{"line_number":119,"context_line":"      indicate if a user is enabled or disabled. Please note the integer value"},{"line_number":120,"context_line":"      should be specified as a string in quotes. This option is typically used"},{"line_number":121,"context_line":"      when ldap-user-enabled-attribute is set to \u0027userAccountControl\u0027."},{"line_number":122,"context_line":"  ldap-user-enabled-emulation:"},{"line_number":123,"context_line":"    type: boolean"},{"line_number":124,"context_line":"    default: False"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"9f560f44_c2b08543","line":121,"range":{"start_line":115,"start_character":4,"end_line":121,"end_character":70},"in_reply_to":"9f560f44_fb764ba3","updated":"2020-09-22 14:19:20.000000000","message":"I agree that this option\u0027s description needs to be rewritten. Rodrigo, I think that you should suggest the entire paragraph and we can go from there.","commit_id":"dfcf49a03372038bddd57de619fd233111c38a05"},{"author":{"_account_id":31289,"name":"Aurelien Lourot","email":"aurelien.lourot@gmail.com","username":"lourot"},"change_message_id":"f6a433d084c41b25b83e533d03af0deb62f6f1d0","unresolved":false,"context_lines":[{"line_number":60,"context_line":"      of course, still requires a CA certificate."},{"line_number":61,"context_line":"  ldap-query-scope:"},{"line_number":62,"context_line":"    type: string"},{"line_number":63,"context_line":"    default: sub"},{"line_number":64,"context_line":"    description: |"},{"line_number":65,"context_line":"      This option controls the scope level of data presented through LDAP."},{"line_number":66,"context_line":"  ldap-user-tree-dn:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_2fac8233","line":63,"updated":"2020-09-25 10:21:26.000000000","message":"Before this change the default was \u0027one\u0027, see https://docs.openstack.org/keystone/latest/configuration/config-options.html#domain-specific-identity-drivers . So this changes the default behavior of the charm. Can we use \u0027one\u0027 as default instead?","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":10366,"name":"Hemanth N","email":"hemanth.nakkina@canonical.com","username":"Hemanth"},"change_message_id":"51ef1e6baf15b154878e95801407c2050821f681","unresolved":false,"context_lines":[{"line_number":60,"context_line":"      of course, still requires a CA certificate."},{"line_number":61,"context_line":"  ldap-query-scope:"},{"line_number":62,"context_line":"    type: string"},{"line_number":63,"context_line":"    default: sub"},{"line_number":64,"context_line":"    description: |"},{"line_number":65,"context_line":"      This option controls the scope level of data presented through LDAP."},{"line_number":66,"context_line":"  ldap-user-tree-dn:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_f73861cc","line":63,"in_reply_to":"9f560f44_2fac8233","updated":"2020-09-30 03:55:13.000000000","message":"Done","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":31289,"name":"Aurelien Lourot","email":"aurelien.lourot@gmail.com","username":"lourot"},"change_message_id":"f6a433d084c41b25b83e533d03af0deb62f6f1d0","unresolved":false,"context_lines":[{"line_number":65,"context_line":"      This option controls the scope level of data presented through LDAP."},{"line_number":66,"context_line":"  ldap-user-tree-dn:"},{"line_number":67,"context_line":"    type: string"},{"line_number":68,"context_line":"    default: ou\u003dusers,dc\u003dexample,dc\u003dcom"},{"line_number":69,"context_line":"    description: |"},{"line_number":70,"context_line":"      This option sets the search base to use for the users."},{"line_number":71,"context_line":"  ldap-user-filter:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_8f7caeb6","line":68,"updated":"2020-09-25 10:21:26.000000000","message":"Same here, this slightly changes the default. Same for several other config options.","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":10366,"name":"Hemanth N","email":"hemanth.nakkina@canonical.com","username":"Hemanth"},"change_message_id":"51ef1e6baf15b154878e95801407c2050821f681","unresolved":false,"context_lines":[{"line_number":65,"context_line":"      This option controls the scope level of data presented through LDAP."},{"line_number":66,"context_line":"  ldap-user-tree-dn:"},{"line_number":67,"context_line":"    type: string"},{"line_number":68,"context_line":"    default: ou\u003dusers,dc\u003dexample,dc\u003dcom"},{"line_number":69,"context_line":"    description: |"},{"line_number":70,"context_line":"      This option sets the search base to use for the users."},{"line_number":71,"context_line":"  ldap-user-filter:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_3743f941","line":68,"in_reply_to":"9f560f44_8f7caeb6","updated":"2020-09-30 03:55:13.000000000","message":"Modified the defaults as per upstream default values for config options.","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":31289,"name":"Aurelien Lourot","email":"aurelien.lourot@gmail.com","username":"lourot"},"change_message_id":"f6a433d084c41b25b83e533d03af0deb62f6f1d0","unresolved":false,"context_lines":[{"line_number":99,"context_line":"    default: False"},{"line_number":100,"context_line":"    description: |"},{"line_number":101,"context_line":"      Setting this option to True allows LDAP servers to use lock attributes."},{"line_number":102,"context_line":"      This option have no effect when ldap-user-enabled-mask or"},{"line_number":103,"context_line":"      ldap-user-enabled-emulation are in use."},{"line_number":104,"context_line":"  ldap-user-enabled-mask:"},{"line_number":105,"context_line":"    type: int"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_cb04d916","line":102,"updated":"2020-09-25 10:21:26.000000000","message":"s/This option have/This option has/","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":10366,"name":"Hemanth N","email":"hemanth.nakkina@canonical.com","username":"Hemanth"},"change_message_id":"51ef1e6baf15b154878e95801407c2050821f681","unresolved":false,"context_lines":[{"line_number":99,"context_line":"    default: False"},{"line_number":100,"context_line":"    description: |"},{"line_number":101,"context_line":"      Setting this option to True allows LDAP servers to use lock attributes."},{"line_number":102,"context_line":"      This option have no effect when ldap-user-enabled-mask or"},{"line_number":103,"context_line":"      ldap-user-enabled-emulation are in use."},{"line_number":104,"context_line":"  ldap-user-enabled-mask:"},{"line_number":105,"context_line":"    type: int"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_777611a6","line":102,"in_reply_to":"9f560f44_cb04d916","updated":"2020-09-30 03:55:13.000000000","message":"Done","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":30561,"name":"Peter Matulis","email":"peter.matulis@canonical.com","username":"pmatulis"},"change_message_id":"64babbe265ec728b4ba77b698c047187dc02a990","unresolved":false,"context_lines":[{"line_number":117,"context_line":"      The default value to enable users. The LDAP servers can use boolean or"},{"line_number":118,"context_line":"      bit in the user enabled attribute to indicate if a user is enabled or"},{"line_number":119,"context_line":"      disabled. If boolean is used by the ldap schema, then the appropriate"},{"line_number":120,"context_line":"      value for this option is \u0027True\u0027 or \u0027False\u0027. If bit is used by the ldap"},{"line_number":121,"context_line":"      schema, this option should match an appropriate integer value based on"},{"line_number":122,"context_line":"      ldap_user-enabled-mask. Please note the integer value should be specified"},{"line_number":123,"context_line":"      as a string in quotes. This option is typically used when"},{"line_number":124,"context_line":"      ldap-user-enabled-attribute is set to \u0027userAccountControl\u0027."},{"line_number":125,"context_line":"  ldap-user-enabled-emulation:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_548ce133","line":122,"range":{"start_line":120,"start_character":50,"end_line":122,"end_character":28},"updated":"2020-09-25 16:15:25.000000000","message":"Please include an example for this scenario (ldap-user-enabled-mask\u003dX and ldap-user-enabled-default\u003dY).","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":31289,"name":"Aurelien Lourot","email":"aurelien.lourot@gmail.com","username":"lourot"},"change_message_id":"f6a433d084c41b25b83e533d03af0deb62f6f1d0","unresolved":false,"context_lines":[{"line_number":119,"context_line":"      disabled. If boolean is used by the ldap schema, then the appropriate"},{"line_number":120,"context_line":"      value for this option is \u0027True\u0027 or \u0027False\u0027. If bit is used by the ldap"},{"line_number":121,"context_line":"      schema, this option should match an appropriate integer value based on"},{"line_number":122,"context_line":"      ldap_user-enabled-mask. Please note the integer value should be specified"},{"line_number":123,"context_line":"      as a string in quotes. This option is typically used when"},{"line_number":124,"context_line":"      ldap-user-enabled-attribute is set to \u0027userAccountControl\u0027."},{"line_number":125,"context_line":"  ldap-user-enabled-emulation:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_cb1df962","line":122,"updated":"2020-09-25 10:21:26.000000000","message":"s/ldap_user/ldap-user/","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":10366,"name":"Hemanth N","email":"hemanth.nakkina@canonical.com","username":"Hemanth"},"change_message_id":"51ef1e6baf15b154878e95801407c2050821f681","unresolved":false,"context_lines":[{"line_number":117,"context_line":"      The default value to enable users. The LDAP servers can use boolean or"},{"line_number":118,"context_line":"      bit in the user enabled attribute to indicate if a user is enabled or"},{"line_number":119,"context_line":"      disabled. If boolean is used by the ldap schema, then the appropriate"},{"line_number":120,"context_line":"      value for this option is \u0027True\u0027 or \u0027False\u0027. If bit is used by the ldap"},{"line_number":121,"context_line":"      schema, this option should match an appropriate integer value based on"},{"line_number":122,"context_line":"      ldap_user-enabled-mask. Please note the integer value should be specified"},{"line_number":123,"context_line":"      as a string in quotes. This option is typically used when"},{"line_number":124,"context_line":"      ldap-user-enabled-attribute is set to \u0027userAccountControl\u0027."},{"line_number":125,"context_line":"  ldap-user-enabled-emulation:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_d76b9db6","line":122,"range":{"start_line":120,"start_character":50,"end_line":122,"end_character":28},"in_reply_to":"9f560f44_548ce133","updated":"2020-09-30 03:55:13.000000000","message":"Done","commit_id":"3423e496d241a3c38cfe8045b44058266319c9d9"},{"author":{"_account_id":31289,"name":"Aurelien Lourot","email":"aurelien.lourot@gmail.com","username":"lourot"},"change_message_id":"ef18f5d32f0530103f3edd912619b5dc7f26d7dc","unresolved":false,"context_lines":[{"line_number":136,"context_line":""},{"line_number":137,"context_line":"      ldap-user-enabled-attribute \u003d userAccountControl"},{"line_number":138,"context_line":"      ldap-user-enabled-mask \u003d 2"},{"line_number":139,"context_line":"      ldap-user-enabled-default \u003d 512"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"      ldap-user-enabled-default should be set to integer value that represents"},{"line_number":142,"context_line":"      a user being enabled. For Active Directory, 512 represents Normal Account."}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3f65232a_8e4aa852","line":139,"updated":"2020-10-23 14:51:44.000000000","message":"Please use quotes (\"512\") as you wrote above that the integer should be specified as a string in quotes.\n\nldap-user-enabled-attribute \u003d \"userAccountControl\"\nldap-user-enabled-mask \u003d 2\nldap-user-enabled-default \u003d \"512\"\n\nAlso I don\u0027t understand the example: 512 with a mask of 2 gives 0, which means the user will be disabled by default? So this contradicts the next sentence?","commit_id":"227c5fe964c5e086b9775f4b188a4a8698606252"},{"author":{"_account_id":31289,"name":"Aurelien Lourot","email":"aurelien.lourot@gmail.com","username":"lourot"},"change_message_id":"53878fd4157610f892c15a10a91eecb824130bd0","unresolved":false,"context_lines":[{"line_number":136,"context_line":""},{"line_number":137,"context_line":"      ldap-user-enabled-attribute \u003d userAccountControl"},{"line_number":138,"context_line":"      ldap-user-enabled-mask \u003d 2"},{"line_number":139,"context_line":"      ldap-user-enabled-default \u003d 512"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"      ldap-user-enabled-default should be set to integer value that represents"},{"line_number":142,"context_line":"      a user being enabled. For Active Directory, 512 represents Normal Account."}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3f65232a_66f117ce","line":139,"in_reply_to":"3f65232a_76d0aff8","updated":"2020-10-27 09:59:11.000000000","message":"oh I see, so this is not used as a simple mask, but instead we first add the mask and then apply the mask. So 0 becomes 1, which then matches with 1. I\u0027m wondering if this has been designed with the goal to confuse ;)\n\nAnyway it\u0027s not your fault, thanks for digging into this. Can we add a short note/warning here saying that the mask is used in a weird way linking to https://docs.openstack.org/keystone/latest/admin/configuration.html#integrate-identity-back-end-with-ldap ? Thanks!","commit_id":"227c5fe964c5e086b9775f4b188a4a8698606252"},{"author":{"_account_id":14567,"name":"Rodrigo Barbieri","email":"rodrigo.barbieri2010@gmail.com","username":"ganso"},"change_message_id":"b598e52feea189b64242a6e454c1f6f1afb079a5","unresolved":false,"context_lines":[{"line_number":136,"context_line":""},{"line_number":137,"context_line":"      ldap-user-enabled-attribute \u003d userAccountControl"},{"line_number":138,"context_line":"      ldap-user-enabled-mask \u003d 2"},{"line_number":139,"context_line":"      ldap-user-enabled-default \u003d 512"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"      ldap-user-enabled-default should be set to integer value that represents"},{"line_number":142,"context_line":"      a user being enabled. For Active Directory, 512 represents Normal Account."}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3f65232a_76d0aff8","line":139,"in_reply_to":"3f65232a_8e4aa852","updated":"2020-10-26 14:15:47.000000000","message":"From https://docs.openstack.org/keystone/latest/admin/configuration.html#integrate-identity-with-ldap:\n\nf the directory server has an enabled attribute, but it is not a boolean type, a mask can be used to convert it. This is useful when the enabled attribute is an integer value. The following configuration highlights the usage:\n\n\u003csame example\u003e\n\nIn this case, the attribute is an integer and the enabled attribute is listed in bit 1. If the mask configured user_enabled_mask is different from 0, it retrieves the attribute from user_enabled_attribute and performs an add operation with the user_enabled_mask. If the sum of the operation matches the mask, then the account is disabled.\n\nThe value of user_enabled_attribute is also saved before applying the add operation in enabled_nomask. This is done in case the user needs to be enabled or disabled. Lastly, setting user_enabled_default is needed in order to create a default value on the integer attribute (512 \u003d NORMAL ACCOUNT in Active Directory).","commit_id":"227c5fe964c5e086b9775f4b188a4a8698606252"},{"author":{"_account_id":8992,"name":"Billy Olsen","email":"billy.olsen@canonical.com","username":"billy-olsen"},"change_message_id":"4d8b125615cede360cf526516d89d04f225fc406","unresolved":false,"context_lines":[{"line_number":49,"context_line":"      precedence over the corresponding charm configuration option."},{"line_number":50,"context_line":"      For example, if LDAP configuration query_scope is defined in ldap-query-scope"},{"line_number":51,"context_line":"      as \u0027one\u0027 and in ldap-config-flags as \"{query_scope: \u0027sub\u0027}\" then the option"},{"line_number":52,"context_line":"      query_scope is set to \u0027sub\u0027."},{"line_number":53,"context_line":"  ldap-readonly:"},{"line_number":54,"context_line":"    type: boolean"},{"line_number":55,"context_line":"    default: True"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"1f621f24_5d2598c1","line":52,"updated":"2020-11-05 21:22:41.000000000","message":"Since the various options are explicitly configured now rather than in this options dict, we should deprecate this option.\n\nWe should also add a release note that advertises/documents this change.","commit_id":"900d0b981aa2b09416b4187e488f630919d864cf"},{"author":{"_account_id":14567,"name":"Rodrigo Barbieri","email":"rodrigo.barbieri2010@gmail.com","username":"ganso"},"change_message_id":"4939d8fb805f15171fb4435e085f7f7c5f3646aa","unresolved":false,"context_lines":[{"line_number":49,"context_line":"      precedence over the corresponding charm configuration option."},{"line_number":50,"context_line":"      For example, if LDAP configuration query_scope is defined in ldap-query-scope"},{"line_number":51,"context_line":"      as \u0027one\u0027 and in ldap-config-flags as \"{query_scope: \u0027sub\u0027}\" then the option"},{"line_number":52,"context_line":"      query_scope is set to \u0027sub\u0027."},{"line_number":53,"context_line":"  ldap-readonly:"},{"line_number":54,"context_line":"    type: boolean"},{"line_number":55,"context_line":"    default: True"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"1f621f24_f8a2a5fb","line":52,"in_reply_to":"1f621f24_5d2598c1","updated":"2020-11-06 21:41:11.000000000","message":"in order to deprecate this option I think we would need to reverse the precedence (maybe not now, but at some point). However, when the precedence is reversed, it could break existing environments.\n\nHemanth/Billy, what do you think?","commit_id":"900d0b981aa2b09416b4187e488f630919d864cf"},{"author":{"_account_id":2424,"name":"Felipe Reyes","email":"felipe.reyes@canonical.com","username":"freyes"},"change_message_id":"9db1d64f814361036e0ba2e47d1811d1f4e09629","unresolved":false,"context_lines":[{"line_number":49,"context_line":"      precedence over the corresponding charm configuration option."},{"line_number":50,"context_line":"      For example, if LDAP configuration query_scope is defined in ldap-query-scope"},{"line_number":51,"context_line":"      as \u0027one\u0027 and in ldap-config-flags as \"{query_scope: \u0027sub\u0027}\" then the option"},{"line_number":52,"context_line":"      query_scope is set to \u0027sub\u0027."},{"line_number":53,"context_line":"  ldap-readonly:"},{"line_number":54,"context_line":"    type: boolean"},{"line_number":55,"context_line":"    default: True"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"fffc6b78_f2bec8fd","line":52,"in_reply_to":"1f621f24_78e4d53c","updated":"2020-11-18 19:03:25.000000000","message":"I agree that we shouldn\u0027t deprecate ldap-config-flags, at the very least I\u0027m aware of the use of page_size.\n\nAbout the notice in the release notes, we should announce the new config options and encourage users to migrate their configuration to them since they will be better served in the future in case something requires accommodation in the openstack configuration.\n\nBilly, thoughts?","commit_id":"900d0b981aa2b09416b4187e488f630919d864cf"},{"author":{"_account_id":14567,"name":"Rodrigo Barbieri","email":"rodrigo.barbieri2010@gmail.com","username":"ganso"},"change_message_id":"be364eb6af1ff23ab2d6ae42d201d41125700f3d","unresolved":false,"context_lines":[{"line_number":49,"context_line":"      precedence over the corresponding charm configuration option."},{"line_number":50,"context_line":"      For example, if LDAP configuration query_scope is defined in ldap-query-scope"},{"line_number":51,"context_line":"      as \u0027one\u0027 and in ldap-config-flags as \"{query_scope: \u0027sub\u0027}\" then the option"},{"line_number":52,"context_line":"      query_scope is set to \u0027sub\u0027."},{"line_number":53,"context_line":"  ldap-readonly:"},{"line_number":54,"context_line":"    type: boolean"},{"line_number":55,"context_line":"    default: True"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"1f621f24_78e4d53c","line":52,"in_reply_to":"1f621f24_f8a2a5fb","updated":"2020-11-06 21:53:55.000000000","message":"Also, there are a few other options that are not covered, and could be configured through ldap-config-flags:\n\npage_size\nalias_dereferencing\ndebug_level\nchase_referrals\nuser_mail_attribute\nuser_pass_attribute\nuser_description_attribute\n... \nand so on. See https://github.com/openstack/keystone/blob/b0b93c03986f3bb40c5a2ec31ee37c83014e197a/keystone/conf/ldap.py#L153\n\nI believe this is a strong argument against the deprecation of this option. If we then decide to not deprecate it, do you think a release note is still deserved?","commit_id":"900d0b981aa2b09416b4187e488f630919d864cf"},{"author":{"_account_id":32438,"name":"Heather Lemon","email":"heather.lemon@canonical.com","username":"hlemon"},"change_message_id":"4d7e83265a2d43ff5c6acf66f89f4fd907623fe0","unresolved":false,"context_lines":[{"line_number":55,"context_line":"    type: boolean"},{"line_number":56,"context_line":"    default: True"},{"line_number":57,"context_line":"    description: LDAP identity server backend readonly to keystone."},{"line_number":58,"context_line":"  tls-ca-ldap:"},{"line_number":59,"context_line":"    type: string"},{"line_number":60,"context_line":"    default: null"},{"line_number":61,"context_line":"    description: |"}],"source_content_type":"text/x-yaml","patch_set":19,"id":"1f621f24_e7f6218f","line":58,"range":{"start_line":58,"start_character":2,"end_line":58,"end_character":14},"updated":"2020-11-16 20:56:53.000000000","message":"Did you want to flip this around to `ldap-tls-ca`? \nFor consistency purposes.","commit_id":"65bb510b519f677ae03cc828100f545d476be667"},{"author":{"_account_id":14567,"name":"Rodrigo Barbieri","email":"rodrigo.barbieri2010@gmail.com","username":"ganso"},"change_message_id":"6e559e90e1db05f9f7467dcf61224af2f621aaa9","unresolved":false,"context_lines":[{"line_number":55,"context_line":"    type: boolean"},{"line_number":56,"context_line":"    default: True"},{"line_number":57,"context_line":"    description: LDAP identity server backend readonly to keystone."},{"line_number":58,"context_line":"  tls-ca-ldap:"},{"line_number":59,"context_line":"    type: string"},{"line_number":60,"context_line":"    default: null"},{"line_number":61,"context_line":"    description: |"}],"source_content_type":"text/x-yaml","patch_set":19,"id":"1f621f24_877bedf2","line":58,"range":{"start_line":58,"start_character":2,"end_line":58,"end_character":14},"in_reply_to":"1f621f24_e7f6218f","updated":"2020-11-16 21:00:09.000000000","message":"this cannot be flipped at this time because there may be users already using it as it is, and it would break them if it is changed","commit_id":"65bb510b519f677ae03cc828100f545d476be667"}],"src/lib/charm/openstack/.keystone_ldap.py.swp":[{"author":{"_account_id":9247,"name":"Arif Ali","email":"arif.ali@canonical.com","username":"arif-ali","status":"Canonical Ltd."},"change_message_id":"58289712da475ccae6420f60d50788b4db240f54","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"1f621f24_68ffa266","updated":"2020-11-12 23:10:24.000000000","message":"Was this file intended to be added?","commit_id":"dd5470053792ba296c9be663ad2504ddca581d5f"}],"src/lib/charm/openstack/keystone_ldap.py":[{"author":{"_account_id":32438,"name":"Heather Lemon","email":"heather.lemon@canonical.com","username":"hlemon"},"change_message_id":"1322ff7d54b7e8090b4195685971187fec0e5676","unresolved":false,"context_lines":[{"line_number":72,"context_line":""},{"line_number":73,"context_line":"        self.ldap_options \u003d os_utils.config_flags_parser(ldap_config_flags)"},{"line_number":74,"context_line":"        # Get all the options that starts with ldap_"},{"line_number":75,"context_line":"        filtered_options \u003d [k for k in vars(self) if k.startswith(\u0027ldap_\u0027)]"},{"line_number":76,"context_line":"        for opt in filtered_options:"},{"line_number":77,"context_line":"            opt_ \u003d opt.replace(\u0027ldap_\u0027, \u0027\u0027)"},{"line_number":78,"context_line":"            if opt_ in self.ldap_options:"}],"source_content_type":"text/x-python","patch_set":10,"id":"9f560f44_89d6a925","line":75,"updated":"2020-10-08 21:29:45.000000000","message":"I have a quick question, would this fail? If i used this option from config.yaml: tls-ca-ldap, since it starts with tls. If so I would consider this edge case.","commit_id":"227c5fe964c5e086b9775f4b188a4a8698606252"},{"author":{"_account_id":10366,"name":"Hemanth N","email":"hemanth.nakkina@canonical.com","username":"Hemanth"},"change_message_id":"1f6157710b1d5c94c967d86c8f08c16c926c2d76","unresolved":false,"context_lines":[{"line_number":72,"context_line":""},{"line_number":73,"context_line":"        self.ldap_options \u003d os_utils.config_flags_parser(ldap_config_flags)"},{"line_number":74,"context_line":"        # Get all the options that starts with ldap_"},{"line_number":75,"context_line":"        filtered_options \u003d [k for k in vars(self) if k.startswith(\u0027ldap_\u0027)]"},{"line_number":76,"context_line":"        for opt in filtered_options:"},{"line_number":77,"context_line":"            opt_ \u003d opt.replace(\u0027ldap_\u0027, \u0027\u0027)"},{"line_number":78,"context_line":"            if opt_ in self.ldap_options:"}],"source_content_type":"text/x-python","patch_set":10,"id":"9f560f44_69d69155","line":75,"in_reply_to":"9f560f44_89d6a925","updated":"2020-10-12 09:41:08.000000000","message":"No this wont fail, it just ignores the tls-ca-ldap","commit_id":"227c5fe964c5e086b9775f4b188a4a8698606252"}]}