aboutsummaryrefslogtreecommitdiffstats
path: root/meta-openstack
diff options
context:
space:
mode:
authorAmy Fong <amy.fong@windriver.com>2014-07-29 14:30:18 -0400
committerBruce Ashfield <bruce.ashfield@windriver.com>2014-07-31 15:15:31 -0400
commitd8d277a739125808a24826df541a974aa42ffa1a (patch)
tree814b03553ba7cc8f18a82434c2aca1be9dfb0379 /meta-openstack
parenta139fb7c0e26373d4ce8505e4ff75a9231e01bd4 (diff)
downloadmeta-cloud-services-d8d277a739125808a24826df541a974aa42ffa1a.tar.gz
meta-cloud-services-d8d277a739125808a24826df541a974aa42ffa1a.tar.bz2
meta-cloud-services-d8d277a739125808a24826df541a974aa42ffa1a.zip
keystone: enable openLDAP authentication
Modify python-keystone to use openldap. keystone's identity and assignment backends are configured to utilitze the hybrid backend for keystone. This backend uses the SQL backend by default and goes to the ldap database if the user doesn't exist. Signed-off-by: Amy Fong <amy.fong@windriver.com>
Diffstat (limited to 'meta-openstack')
-rw-r--r--meta-openstack/recipes-devtools/python/python-keystone_git.bb46
1 files changed, 46 insertions, 0 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
index df4b897b..be511e20 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -27,6 +27,8 @@ inherit setuptools update-rc.d identity hosts default_configs
SERVICE_TOKEN = "password"
TOKEN_FORMAT ?= "PKI"
+LDAP_DN ?= "dc=my-domain,dc=com"
+
do_install_append() {
KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
@@ -69,6 +71,47 @@ do_install_append() {
sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone
+
+ if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
+ sed -i -e '/^\[identity\]/a \
+# Uncomment the following lines to enable the hybrid backend \
+# driver = keystone.identity.backends.hybrid_identity.Identity \
+#\
+# [assignment] \
+# driver = keystone.assignment.backends.hybrid_assignment.Assignment \
+' ${D}/etc/keystone/keystone.conf
+
+ sed -i -e '/^\[ldap\]/a \
+url = ldap://localhost \
+user = cn=Manager,${LDAP_DN} \
+password = secret \
+suffix = ${LDAP_DN} \
+use_dumb_member = True \
+\
+user_tree_dn = ou=Users,${LDAP_DN} \
+user_attribute_ignore = enabled,email,tenants,default_project_id \
+user_id_attribute = uid \
+user_name_attribute = uid \
+user_mail_attribute = email \
+user_pass_attribute = keystonePassword \
+\
+tenant_tree_dn = ou=Groups,${LDAP_DN} \
+tenant_desc_attribute = description \
+tenant_domain_id_attribute = businessCategory \
+tenant_attribute_ignore = enabled \
+tenant_objectclass = groupOfNames \
+tenant_id_attribute = cn \
+tenant_member_attribute = member \
+tenant_name_attribute = ou \
+\
+role_attribute_ignore = enabled \
+role_objectclass = groupOfNames \
+role_member_attribute = member \
+role_id_attribute = cn \
+role_name_attribute = ou \
+role_tree_dn = ou=Roles,${LDAP_DN} \
+' ${D}/etc/keystone/keystone.conf
+ fi
}
pkg_postinst_${SRCNAME}-setup () {
@@ -152,6 +195,9 @@ RDEPENDS_${PN} += " \
python-pbr \
"
+PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
+PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
+
# TODO:
# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS