← Back to team overview

openstack team mailing list archive

LDAP support in Keystone Light/redux


I've made some strides in the KSL LDAP implementation. I've set up a github clone with the code pushed:


The code is ugly, as I'm in "Just get it working" mode. Cleanup will happend prior to any attempt to merge with the Redux branch. I've attempted to keep the same set of unit tests running as are used for the SQL backend. The one delta is Metadata, as I am not sure how (or even if) we want to reflect that in LDAP. I've made those three unit tests no-ops for LDAP.

There are still more API calls to implement, (Tenant_Modify for example) and then I'll test out against a live Open LDAP instance.

The one change I've made from the old config is that fields like URL no longer have ldap_ in front of them, so the config will look something like

url = ldap://localhost
user = cn=Admin
password = password
backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
suffix ='cn=example,cn=com'

Feedback requested.

Follow ups