Update Keystone code from official Github repository with branch Master on 09/01/2015.

Change-Id: I0ff6099e6e2580f87f502002a998bbfe12673498

2 files changed, 11 insertions, 23 deletions

diff --git a/keystone-moon/keystone/identity/backends/ldap.py b/keystone-moon/keystone/identity/backends/ldap.py
index 0f7ee450..7a3cb03b 100644
--- a/keystone-moon/keystone/identity/backends/ldap.py
+++ b/keystone-moon/keystone/identity/backends/ldap.py
@@ -14,13 +14,12 @@
 from __future__ import absolute_import
 import uuid
 
-import ldap
 import ldap.filter
 from oslo_config import cfg
 from oslo_log import log
 import six
 
-from keystone import clean
+from keystone.common import clean
 from keystone.common import driver_hints
 from keystone.common import ldap as common_ldap
 from keystone.common import models
@@ -42,7 +41,7 @@ class Identity(identity.Driver):
         self.group = GroupApi(conf)
 
     def default_assignment_driver(self):
-        return "keystone.assignment.backends.ldap.Assignment"
+        return 'ldap'
 
     def is_domain_aware(self):
         return False
@@ -352,20 +351,18 @@ class GroupApi(common_ldap.BaseLdap):
         """Return a list of groups for which the user is a member."""
 
         user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
-        query = '(&(objectClass=%s)(%s=%s)%s)' % (self.object_class,
-                                                  self.member_attribute,
-                                                  user_dn_esc,
-                                                  self.ldap_filter or '')
+        query = '(%s=%s)%s' % (self.member_attribute,
+                               user_dn_esc,
+                               self.ldap_filter or '')
         return self.get_all(query)
 
     def list_user_groups_filtered(self, user_dn, hints):
         """Return a filtered list of groups for which the user is a member."""
 
         user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
-        query = '(&(objectClass=%s)(%s=%s)%s)' % (self.object_class,
-                                                  self.member_attribute,
-                                                  user_dn_esc,
-                                                  self.ldap_filter or '')
+        query = '(%s=%s)%s' % (self.member_attribute,
+                               user_dn_esc,
+                               self.ldap_filter or '')
         return self.get_all_filtered(hints, query)
 
     def list_group_users(self, group_id):
diff --git a/keystone-moon/keystone/identity/backends/sql.py b/keystone-moon/keystone/identity/backends/sql.py
index 39868416..8bda9a1b 100644
--- a/keystone-moon/keystone/identity/backends/sql.py
+++ b/keystone-moon/keystone/identity/backends/sql.py
@@ -77,7 +77,7 @@ class Identity(identity.Driver):
         super(Identity, self).__init__()
 
     def default_assignment_driver(self):
-        return "keystone.assignment.backends.sql.Assignment"
+        return 'sql'
 
     @property
     def is_sql(self):
@@ -211,28 +211,19 @@ class Identity(identity.Driver):
             session.delete(membership_ref)
 
     def list_groups_for_user(self, user_id, hints):
-        # TODO(henry-nash) We could implement full filtering here by enhancing
-        # the join below.  However, since it is likely to be a fairly rare
-        # occurrence to filter on more than the user_id already being used
-        # here, this is left as future enhancement and until then we leave
-        # it for the controller to do for us.
         session = sql.get_session()
         self.get_user(user_id)
         query = session.query(Group).join(UserGroupMembership)
         query = query.filter(UserGroupMembership.user_id == user_id)
+        query = sql.filter_limit_query(Group, query, hints)
         return [g.to_dict() for g in query]
 
     def list_users_in_group(self, group_id, hints):
-        # TODO(henry-nash) We could implement full filtering here by enhancing
-        # the join below.  However, since it is likely to be a fairly rare
-        # occurrence to filter on more than the group_id already being used
-        # here, this is left as future enhancement and until then we leave
-        # it for the controller to do for us.
         session = sql.get_session()
         self.get_group(group_id)
         query = session.query(User).join(UserGroupMembership)
         query = query.filter(UserGroupMembership.group_id == group_id)
-
+        query = sql.filter_limit_query(User, query, hints)
         return [identity.filter_user(u.to_dict()) for u in query]
 
     def delete_user(self, user_id):