Instead of failing when a user exists, add attributes and objectclasses, if absent
Registered by
Ryan Lane
Currently the ldap driver acts as the owner of a directory server. In many deployments this may not be the case. The ldap driver should be configurable to add objectclasses and attributes instead of adding users.
Ideally, when the ldap driver sees that a user exists, it should check whether the objectclass and attributes exist. If neither exists, it should add them; if the objectclass exists and the attributes do not, it should add the attributes.
The use case behind this is a directory server that is already populated with users and is managed by other means. The directory server admin can add ACIs to allow the update of objectclasses and the nova attributes, or just of the nova attributes.
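The check described above can be written as a function that turns an existing entry into a list of add-only modifications. This is an added example, not code from nova's ldap driver; the objectclass and attribute names, the `may_add_objectclass` switch (modelling the ACI that only permits the nova attributes) and the sample entries are all constructed for illustration.

```python
MOD_ADD = 0  # same numeric value as python-ldap's ldap.MOD_ADD


class ObjectClassMissing(Exception):
    """The entry lacks the objectclass and we are not allowed to add it."""


def plan_modifications(entry, objectclass, attrs, may_add_objectclass=True):
    """Return (op, attribute, values) tuples adding only what is absent.

    entry: attribute name -> list of values, as read from the directory.
    attrs: attribute name -> list of values the driver wants present.
    Values that already exist are never replaced or removed.
    """
    # LDAP attribute names and objectClass values compare case-insensitively.
    existing = {name.lower(): values for name, values in entry.items()}
    classes = {value.lower() for value in existing.get("objectclass", [])}

    modlist = []
    if objectclass.lower() not in classes:
        if not may_add_objectclass:
            # ACIs only cover the attributes: stop before the server rejects
            # the write, so the admin sees which objectclass is missing.
            raise ObjectClassMissing(objectclass)
        modlist.append((MOD_ADD, "objectClass", [objectclass]))
    for name, values in attrs.items():
        if name.lower() not in existing:
            modlist.append((MOD_ADD, name, list(values)))
    return modlist


# Constructed sample data (hypothetical schema names).
WANTED = {"exampleAccessKey": ["ak"], "exampleSecretKey": ["sk"]}
UNMANAGED_USER = {"objectClass": ["inetOrgPerson"], "uid": ["alice"]}
PARTIAL_USER = {
    "objectclass": ["inetOrgPerson", "EXAMPLENOVAUSER"],
    "uid": ["bob"],
    "exampleaccesskey": ["existing-ak"],
}

if __name__ == "__main__":
    for user in (UNMANAGED_USER, PARTIAL_USER):
        print(user["uid"][0], plan_modifications(user, "exampleNovaUser", WANTED))
```
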
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: None
- Direction: Needs approval
- Assignee: None
- Definition: Approved
- Series goal: Accepted for diablo
- Implementation: Implemented
- Milestone target: None
- Started by: Vish Ishaya
- Completed by: Vish Ishaya