4. Keystone's LDAP implementation in stable was broken. It returned no
roles, many values were hardcoded, etc. The LDAP implementation in
nova worked, and it looks like its code was simply ignored when auth
was moved into keystone.
I did forget to mention one thing about this. The keystone devs,
especially Adam Young, were very responsive and we worked together to
fix the issues in stable and ensured they were also fixed in master. A
million thanks for the help there. Help like this makes life in the
project way easier.
The process for getting the changes into stable was kind of a pain,
but that's another email completely.