author | Amy Fong <amy.fong@windriver.com> | 2014-07-29 14:30:18 -0400 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2014-07-30 00:50:21 -0400 |
commit | 2075b299cfd9b8d7860eef1d4d20cc46c73d49bc (patch) | |
tree | 3ad3a171f85f4b7710ed706e6de20bf5c0a0b8d8 /meta-openstack/recipes-devtools/python/python-keystone_git.bb | |
parent | 91f39a6e38e6e6fd1e9b6582fb85cd273f3249bb (diff) | |
keystone: enable openLDAP authentication
Modify python-keystone to use openldap. keystone's identity and
assignment backends are configured to utilize the hybrid backend for
keystone. This backend uses the SQL backend by default and goes to the ldap
database if the user doesn't exist.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Diffstat (limited to 'meta-openstack/recipes-devtools/python/python-keystone_git.bb')
-rw-r--r-- | meta-openstack/recipes-devtools/python/python-keystone_git.bb | 46 |
1 files changed, 46 insertions, 0 deletions
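--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -26,6 +26,8 @@ inherit setuptools update-rc.d identity hosts default_configs
 SERVICE_TOKEN = "password"
 TOKEN_FORMAT ?= "PKI"
 
+LDAP_DN ?= "dc=my-domain,dc=com"
+
 do_install_append() {
 
 KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
@@ -70,6 +72,47 @@ do_install_append() {
 sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
 sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
 sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone
+
+if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
+sed -i -e '/^\[identity\]/a \
+# Uncomment the following lines to enable the hybrid backend \
+# driver = keystone.identity.backends.hybrid_identity.Identity \
+#\
+# [assignment] \
+# driver = keystone.assignment.backends.hybrid_assignment.Assignment \
+' ${D}/etc/keystone/keystone.conf
+
+sed -i -e '/^\[ldap\]/a \
+url = ldap://localhost \
+user = cn=Manager,${LDAP_DN} \
+password = secret \
+suffix = ${LDAP_DN} \
+use_dumb_member = True \
+\
+user_tree_dn = ou=Users,${LDAP_DN} \
+user_attribute_ignore = enabled,email,tenants,default_project_id \
+user_id_attribute = uid \
+user_name_attribute = uid \
+user_mail_attribute = email \
+user_pass_attribute = keystonePassword \
+\
+tenant_tree_dn = ou=Groups,${LDAP_DN} \
+tenant_desc_attribute = description \
+tenant_domain_id_attribute = businessCategory \
+tenant_attribute_ignore = enabled \
+tenant_objectclass = groupOfNames \
+tenant_id_attribute = cn \
+tenant_member_attribute = member \
+tenant_name_attribute = ou \
+\
+role_attribute_ignore = enabled \
+role_objectclass = groupOfNames \
+role_member_attribute = member \
+role_id_attribute = cn \
+role_name_attribute = ou \
+role_tree_dn = ou=Roles,${LDAP_DN} \
+' ${D}/etc/keystone/keystone.conf
+fi
 }
 
 pkg_postinst_${SRCNAME}-setup () {
@@ -155,6 +198,9 @@ RDEPENDS_${PN} += " \
 python-pbr \
 "
 
+PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
+PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
+
 # TODO:
 # if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
 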
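Review bot: The `[ldap]` block written by the second sed in do_install_append hard-codes the bind credential as `password = secret` for `cn=Manager,${LDAP_DN}`, so every image built with the OpenLDAP distro feature ships the same well-known password for what looks like the directory manager account. The lines just above already substitute `${ADMIN_PASSWORD}` and `${SERVICE_PASSWORD}` from recipe variables; the bind password should follow the same pattern, for example `LDAP_PASSWORD ?= "secret"` next to `LDAP_DN` and `password = ${LDAP_PASSWORD} \` in the sed script, so a build can override it. `url = ldap://localhost` sends that bind unencrypted, which is presumably tolerable only because it stays on loopback, and a comment saying so would help whoever later points this at a remote server. The permissions of keystone.conf are set outside these hunks and are worth confirming now that the file holds a directory credential.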