Instead of failing when a user exists, add attributes and objectclasses, if absent

Registered by Ryan Lane

Currently the LDAP driver acts as the owner of a directory server. In many deployments this may not be the case. The LDAP driver should be configurable to add objectclasses and attributes to existing users instead of adding users.

Ideally, when the LDAP driver sees that a user exists, it should check whether the objectclass and attributes exist. If neither exists, it should add both. If the objectclass exists and the attributes do not, it should add the attributes.

The use case behind this is a directory server that is already populated with users and is managed by other means. The directory server admin can add ACIs that allow updates to both objectclasses and the nova attributes, or to the nova attributes only.
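The check described above, as an added sketch that is not the nova driver's own code: it takes an existing user entry and returns an add-only modification list, so the driver's bind account needs no more than the add rights the ACIs grant. The objectclass name novaUser and the attribute names accessKey and secretKey are assumed placeholders, and the sample entries are constructed.

```python
MOD_ADD = 0  # same numeric value as python-ldap's ldap.MOD_ADD


def plan_user_update(entry, objectclass, wanted):
    """Return an add-only modlist for a user entry that already exists.

    entry:       attribute name -> list of bytes values, as read from the directory
    objectclass: objectclass (bytes) the driver needs on the user
    wanted:      attribute name -> bytes value the driver needs to be present
    """
    # LDAP attribute names and objectclass values compare case-insensitively.
    present = {name.lower(): values for name, values in entry.items()}
    classes = {value.lower() for value in present.get("objectclass", [])}

    modlist = []
    if objectclass.lower() not in classes:
        modlist.append((MOD_ADD, "objectClass", [objectclass]))
    for name, value in sorted(wanted.items()):
        # An attribute that already holds a value is left alone: the entry is
        # managed by other means, so nothing is ever replaced or deleted.
        if not present.get(name.lower()):
            modlist.append((MOD_ADD, name, [value]))
    return modlist


# Constructed sample data; all names below are placeholders (assumptions).
OBJECTCLASS = b"novaUser"
WANTED = {"accessKey": b"generated-access", "secretKey": b"generated-secret"}
UNTOUCHED = {"objectClass": [b"inetOrgPerson"], "uid": [b"alice"]}
HAS_CLASS = {"objectclass": [b"inetOrgPerson", b"NOVAUSER"],
             "uid": [b"bob"], "accesskey": [b"existing-access"]}
COMPLETE = {"objectClass": [b"novaUser"], "accessKey": [b"a"], "secretKey": [b"s"]}

if __name__ == "__main__":
    for label, entry in (("untouched", UNTOUCHED), ("has class", HAS_CLASS),
                         ("complete", COMPLETE)):
        print(label, plan_user_update(entry, OBJECTCLASS, WANTED))
```

An empty list means the user is already provisioned and no write is sent. A list without an objectClass item can be applied under an ACI that covers only the nova attributes.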

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: None
Definition: Approved
Series goal: Accepted for diablo
Implementation: Implemented
Milestone target: None
Started by: Vish Ishaya
Completed by: Vish Ishaya
