openstack team mailing list archive
Message #07431
Re: LDAP support in Keystone Light/redux
On Thu, Feb 9, 2012 at 3:29 AM, Adam Young <ayoung@xxxxxxxxxx> wrote:
> I've made some strides in the KSL LDAP implementation. I've set up a
> github clone with the code pushed:
>
>
> https://github.com/admiyo/keystone/tree/ldap
>
> The code is ugly, as I'm in "Just get it working" mode. Cleanup will
> happen prior to any attempt to merge with the Redux branch. I've attempted
> to keep the same set of unit tests running as are used for the SQL backend.
> The one delta is Metadata, as I am not sure how (or even if) we want to
> reflect that in LDAP. I've made those three unit tests no-ops for LDAP.
>
> There are still more API calls to implement, (Tenant_Modify for example) and
> then I'll test out against a live Open LDAP instance.
>
> The one change I've made from the old config is that fields like URL no
> longer have ldap_ in front of them, so the config will look something like
>
> [ldap]
> url = ldap://localhost
> user = cn=Admin
> password = password
> backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
> suffix ='cn=example,cn=com'
>
>
>
> Feedback requested.
>
Looking through the code, it appears that using ldaps:// may work for
LDAPS support, but is LDAP w/ TLS going to be supported as well? Have
you tested LDAPS support?
- Ryan
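
Added example, not part of the thread or of the Keystone code: a small audit of an `[ldap]` section that reports whether the bind would run over LDAPS (TLS from the first byte, `ldaps://`), StartTLS (upgrade requested on an `ldap://` connection), or cleartext. The `use_tls` key and the function name are assumptions for illustration and do not appear in the quoted config.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: the [ldap] section quoted in the message, trimmed.
QUOTED_CONFIG = """
[ldap]
url = ldap://localhost
user = cn=Admin
password = password
suffix ='cn=example,cn=com'
"""

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_ldap_transport(ini_text):
    """Return (mode, findings) describing how the bind would be protected."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    section = parser["ldap"]
    url = urlparse(section.get("url", "").strip("'\""))
    scheme = url.scheme.lower()
    # ASSUMPTION: "use_tls" is a hypothetical switch that requests StartTLS.
    starttls = section.getboolean("use_tls", fallback=False)
    findings = []

    if scheme == "ldaps":
        mode = "ldaps"  # TLS handshake first, LDAP inside it
        if starttls:
            findings.append("use_tls is redundant with ldaps://; pick one")
    elif scheme == "ldap":
        mode = "starttls" if starttls else "cleartext"
    else:
        return "unknown", ["unrecognised URL scheme: %r" % scheme]

    port = url.port or DEFAULT_PORT[scheme]
    if port == DEFAULT_PORT["ldaps" if scheme == "ldap" else "ldap"]:
        findings.append("port %d is the default for the other scheme" % port)
    if mode == "cleartext" and section.get("password"):
        where = "loopback only" if url.hostname in LOOPBACK else "on the network"
        findings.append("simple bind password sent unencrypted (%s)" % where)
    return mode, findings


if __name__ == "__main__":
    print(audit_ldap_transport(QUOTED_CONFIG))
```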