openstack team mailing list archive
Mailing list archive
Re: LDAP support in Keystone Light/redux
On Thu, Feb 9, 2012 at 3:29 AM, Adam Young <ayoung@xxxxxxxxxx> wrote:
> I've made some strides in the KSL LDAP implementation. I've set up a
> github clone with the code pushed:
> The code is ugly, as I'm in "Just get it working" mode. Cleanup will
> happend prior to any attempt to merge with the Redux branch. I've attempted
> to keep the same set of unit tests running as are used for the SQL backend.
> The one delta is Metadata, as I am not sure how (or even if) we want to
> reflect that in LDAP. I've made those three unit tests no-ops for LDAP.
> There are still more API calls to implement, (Tenant_Modify for example) and
> then I'll test out against a live Open LDAP instance.
> The one change I've made from the old config is that fields like URL no
> longer have ldap_ in front of them, so the config will look something like
> url = ldap://localhost
> user = cn=Admin
> password = password
> backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
> suffix ='cn=example,cn=com'
> Feedback requested.
Looking through the code, it appears that using ldaps:// may work for
LDAPS support, but is LDAP w/ TLS going to be supported as well? Have
you tested LDAPS support?