diff options
| author |   Amy Fong <amy.fong@windriver.com> | 2014-07-29 14:30:18 -0400 |
|---|---|---|
| committer |   Bruce Ashfield <bruce.ashfield@windriver.com> | 2014-07-31 15:15:31 -0400 |
| commit | d8d277a739125808a24826df541a974aa42ffa1a (patch) | |
| tree | 814b03553ba7cc8f18a82434c2aca1be9dfb0379 /meta-openstack | |
| parent | a139fb7c0e26373d4ce8505e4ff75a9231e01bd4 (diff) | |
| download | meta-cloud-services-d8d277a739125808a24826df541a974aa42ffa1a.tar.gz meta-cloud-services-d8d277a739125808a24826df541a974aa42ffa1a.tar.bz2 meta-cloud-services-d8d277a739125808a24826df541a974aa42ffa1a.zip | |
keystone: enable openLDAP authentication
Modify python-keystone to use openldap. keystone's identity and
assignment backends are configured to utilitze the hybrid backend for
keystone. This backend uses the SQL backend by default and goes to the ldap
database if the user doesn't exist.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Diffstat (limited to 'meta-openstack')
| -rw-r--r-- | meta-openstack/recipes-devtools/python/python-keystone_git.bb | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb index df4b897b..be511e20 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb +++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb @@ -27,6 +27,8 @@ inherit setuptools update-rc.d identity hosts default_configs SERVICE_TOKEN = "password" TOKEN_FORMAT ?= "PKI" +LDAP_DN ?= "dc=my-domain,dc=com" + do_install_append() { KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone @@ -69,6 +71,47 @@ do_install_append() { sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone + + if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then + sed -i -e '/^\[identity\]/a \ +# Uncomment the following lines to enable the hybrid backend \ +# driver = keystone.identity.backends.hybrid_identity.Identity \ +#\ +# [assignment] \ +# driver = keystone.assignment.backends.hybrid_assignment.Assignment \ +' ${D}/etc/keystone/keystone.conf + + sed -i -e '/^\[ldap\]/a \ +url = ldap://localhost \ +user = cn=Manager,${LDAP_DN} \ +password = secret \ +suffix = ${LDAP_DN} \ +use_dumb_member = True \ +\ +user_tree_dn = ou=Users,${LDAP_DN} \ +user_attribute_ignore = enabled,email,tenants,default_project_id \ +user_id_attribute = uid \ +user_name_attribute = uid \ +user_mail_attribute = email \ +user_pass_attribute = keystonePassword \ +\ +tenant_tree_dn = ou=Groups,${LDAP_DN} \ +tenant_desc_attribute = description \ +tenant_domain_id_attribute = businessCategory \ +tenant_attribute_ignore = enabled \ +tenant_objectclass = groupOfNames \ +tenant_id_attribute = cn \ +tenant_member_attribute = member \ +tenant_name_attribute = ou \ +\ +role_attribute_ignore = enabled \ +role_objectclass = groupOfNames \ +role_member_attribute = member \ +role_id_attribute = cn \ +role_name_attribute = ou \ +role_tree_dn = ou=Roles,${LDAP_DN} \ +' ${D}/etc/keystone/keystone.conf + fi } pkg_postinst_${SRCNAME}-setup () { @@ -152,6 +195,9 @@ RDEPENDS_${PN} += " \ python-pbr \ " +PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}" +PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend" + # TODO: # if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS |