aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAmy Fong <amy.fong@windriver.com>2014-07-29 14:30:18 -0400
committerBruce Ashfield <bruce.ashfield@windriver.com>2014-07-30 10:46:55 -0400
commit173db7893acbdad62b4938cbabb49a9d26f3598f (patch)
tree907a75fae5b5e9b80475b451764fe51e84973c01
parentea1cdabd1a240a3b8d65045b62061a86a8ae0182 (diff)
downloadmeta-cloud-services-173db7893acbdad62b4938cbabb49a9d26f3598f.tar.gz
meta-cloud-services-173db7893acbdad62b4938cbabb49a9d26f3598f.tar.bz2
meta-cloud-services-173db7893acbdad62b4938cbabb49a9d26f3598f.zip
keystone: enable openLDAP authentication
Modify python-keystone to use openldap. keystone's identity and assignment backends are configured to utilitze the hybrid backend for keystone. This backend uses the SQL backend by default and goes to the ldap database if the user doesn't exist. Signed-off-by: Amy Fong <amy.fong@windriver.com>
-rw-r--r--meta-openstack/recipes-devtools/python/python-keystone_git.bb46
1 files changed, 46 insertions, 0 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
index 6c33ab4..dfeeb1f 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -27,6 +27,8 @@ inherit setuptools update-rc.d identity hosts default_configs
SERVICE_TOKEN = "password"
TOKEN_FORMAT ?= "PKI"
+LDAP_DN ?= "dc=my-domain,dc=com"
+
do_install_append() {
KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
@@ -69,6 +71,47 @@ do_install_append() {
sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone
+
+ if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
+ sed -i -e '/^\[identity\]/a \
+# Uncomment the following lines to enable the hybrid backend \
+# driver = keystone.identity.backends.hybrid_identity.Identity \
+#\
+# [assignment] \
+# driver = keystone.assignment.backends.hybrid_assignment.Assignment \
+' ${D}/etc/keystone/keystone.conf
+
+ sed -i -e '/^\[ldap\]/a \
+url = ldap://localhost \
+user = cn=Manager,${LDAP_DN} \
+password = secret \
+suffix = ${LDAP_DN} \
+use_dumb_member = True \
+\
+user_tree_dn = ou=Users,${LDAP_DN} \
+user_attribute_ignore = enabled,email,tenants,default_project_id \
+user_id_attribute = uid \
+user_name_attribute = uid \
+user_mail_attribute = email \
+user_pass_attribute = keystonePassword \
+\
+tenant_tree_dn = ou=Groups,${LDAP_DN} \
+tenant_desc_attribute = description \
+tenant_domain_id_attribute = businessCategory \
+tenant_attribute_ignore = enabled \
+tenant_objectclass = groupOfNames \
+tenant_id_attribute = cn \
+tenant_member_attribute = member \
+tenant_name_attribute = ou \
+\
+role_attribute_ignore = enabled \
+role_objectclass = groupOfNames \
+role_member_attribute = member \
+role_id_attribute = cn \
+role_name_attribute = ou \
+role_tree_dn = ou=Roles,${LDAP_DN} \
+' ${D}/etc/keystone/keystone.conf
+ fi
}
pkg_postinst_${SRCNAME}-setup () {
@@ -152,6 +195,9 @@ RDEPENDS_${PN} += " \
python-pbr \
"
+PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
+PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
+
# TODO:
# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS