keystone: enable openLDAP authentication

Modify python-keystone to use openldap. keystone's identity and assignment backends are configured to utilitze the hybrid backend for keystone. This backend uses the SQL backend by default and goes to the ldap database if the user doesn't exist. Signed-off-by: Amy Fong <amy.fong@windriver.com>
author: Amy Fong <amy.fong@windriver.com> 2014-07-29 14:30:18 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2014-07-31 15:15:31 -0400
commit: d8d277a739125808a24826df541a974aa42ffa1a (patch)
tree: 814b03553ba7cc8f18a82434c2aca1be9dfb0379
parent: a139fb7c0e26373d4ce8505e4ff75a9231e01bd4 (diff)
download: meta-cloud-services-d8d277a739125808a24826df541a974aa42ffa1a.tar.gz
1 files changed, 46 insertions, 0 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
index df4b897..be511e2 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -27,6 +27,8 @@ inherit setuptools update-rc.d identity hosts default_configs
 SERVICE_TOKEN = "password"
 TOKEN_FORMAT ?= "PKI"
+LDAP_DN ?= "dc=my-domain,dc=com"
 do_install_append() {
    KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
@@ -69,6 +71,47 @@ do_install_append() {
    sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
    sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
    sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone
+    if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
+        sed -i -e '/^\[identity\]/a \
+# Uncomment the following lines to enable the hybrid backend \
+# driver = keystone.identity.backends.hybrid_identity.Identity \
+#\
+# [assignment] \
+# driver = keystone.assignment.backends.hybrid_assignment.Assignment \
+' ${D}/etc/keystone/keystone.conf
+        sed -i -e '/^\[ldap\]/a \
+url = ldap://localhost \
+user = cn=Manager,${LDAP_DN} \
+password = secret \
+suffix = ${LDAP_DN} \
+use_dumb_member = True \
+\
+user_tree_dn = ou=Users,${LDAP_DN} \
+user_attribute_ignore = enabled,email,tenants,default_project_id \
+user_id_attribute = uid \
+user_name_attribute = uid \
+user_mail_attribute = email \
+user_pass_attribute = keystonePassword \
+\
+tenant_tree_dn = ou=Groups,${LDAP_DN} \
+tenant_desc_attribute = description \
+tenant_domain_id_attribute = businessCategory \
+tenant_attribute_ignore = enabled \
+tenant_objectclass = groupOfNames \
+tenant_id_attribute = cn \
+tenant_member_attribute = member \
+tenant_name_attribute = ou \
+\
+role_attribute_ignore = enabled \
+role_objectclass = groupOfNames \
+role_member_attribute = member \
+role_id_attribute = cn \
+role_name_attribute = ou \
+role_tree_dn = ou=Roles,${LDAP_DN} \
+' ${D}/etc/keystone/keystone.conf
+    fi
 }
 pkg_postinst_${SRCNAME}-setup () {
@@ -152,6 +195,9 @@ RDEPENDS_${PN} += " \
        python-pbr \
        "
+PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
+PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
 # TODO:
 #    if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
author	Amy Fong <amy.fong@windriver.com>	2014-07-29 14:30:18 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2014-07-31 15:15:31 -0400
commit	d8d277a739125808a24826df541a974aa42ffa1a (patch)
tree	814b03553ba7cc8f18a82434c2aca1be9dfb0379
parent	a139fb7c0e26373d4ce8505e4ff75a9231e01bd4 (diff)
download	meta-cloud-services-d8d277a739125808a24826df541a974aa42ffa1a.tar.gz

diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb index df4b897..be511e2 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb +++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -27,6 +27,8 @@ inherit setuptools update-rc.d identity hosts default_configs
27	SERVICE_TOKEN = "password"	27	SERVICE_TOKEN = "password"
28	TOKEN_FORMAT ?= "PKI"	28	TOKEN_FORMAT ?= "PKI"
29		29
		30	LDAP_DN ?= "dc=my-domain,dc=com"
		31
30	do_install_append() {	32	do_install_append() {
31		33
32	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone	34	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
@@ -69,6 +71,47 @@ do_install_append() {
69	sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone	71	sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
70	sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone	72	sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
71	sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone	73	sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone
		74
		75	if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
		76	sed -i -e '/^\[identity\]/a \
		77	# Uncomment the following lines to enable the hybrid backend \
		78	# driver = keystone.identity.backends.hybrid_identity.Identity \
		79	#\
		80	# [assignment] \
		81	# driver = keystone.assignment.backends.hybrid_assignment.Assignment \
		82	' ${D}/etc/keystone/keystone.conf
		83
		84	sed -i -e '/^\[ldap\]/a \
		85	url = ldap://localhost \
		86	user = cn=Manager,${LDAP_DN} \
		87	password = secret \
		88	suffix = ${LDAP_DN} \
		89	use_dumb_member = True \
		90	\
		91	user_tree_dn = ou=Users,${LDAP_DN} \
		92	user_attribute_ignore = enabled,email,tenants,default_project_id \
		93	user_id_attribute = uid \
		94	user_name_attribute = uid \
		95	user_mail_attribute = email \
		96	user_pass_attribute = keystonePassword \
		97	\
		98	tenant_tree_dn = ou=Groups,${LDAP_DN} \
		99	tenant_desc_attribute = description \
		100	tenant_domain_id_attribute = businessCategory \
		101	tenant_attribute_ignore = enabled \
		102	tenant_objectclass = groupOfNames \
		103	tenant_id_attribute = cn \
		104	tenant_member_attribute = member \
		105	tenant_name_attribute = ou \
		106	\
		107	role_attribute_ignore = enabled \
		108	role_objectclass = groupOfNames \
		109	role_member_attribute = member \
		110	role_id_attribute = cn \
		111	role_name_attribute = ou \
		112	role_tree_dn = ou=Roles,${LDAP_DN} \
		113	' ${D}/etc/keystone/keystone.conf
		114	fi
72	}	115	}
73		116
74	pkg_postinst_${SRCNAME}-setup () {	117	pkg_postinst_${SRCNAME}-setup () {
@@ -152,6 +195,9 @@ RDEPENDS_${PN} += " \
152	python-pbr \	195	python-pbr \
153	"	196	"
154		197
		198	PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
		199	PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
		200
155	# TODO:	201	# TODO:
156	# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS	202	# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
157		203