openstack team mailing list archive

Re: LDAP support in Keystone Light/redux


On Thu, Feb 9, 2012 at 3:29 AM, Adam Young <ayoung@xxxxxxxxxx> wrote:
> I've made some strides in the KSL LDAP implementation. I've set up a
> github clone with the code pushed:
> https://github.com/admiyo/keystone/tree/ldap
> The code is ugly, as I'm in "Just get it working" mode. Cleanup will
> happen prior to any attempt to merge with the Redux branch. I've attempted
> to keep the same set of unit tests running as are used for the SQL backend.
> The one delta is Metadata, as I am not sure how (or even if) we want to
> reflect that in LDAP. I've made those three unit tests no-ops for LDAP.
> There are still more API calls to implement (Tenant_Modify, for example), and
> then I'll test out against a live OpenLDAP instance.
> The one change I've made from the old config is that fields like URL no
> longer have ldap_ in front of them, so the config will look something like
> [ldap]
> url = ldap://localhost
> user = cn=Admin
> password = password
> backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
> suffix ='cn=example,cn=com'
> Feedback requested.

Looking through the code, it appears that using ldaps:// may work for
LDAPS support, but is LDAP w/ TLS going to be supported as well? Have
you tested LDAPS support?

- Ryan
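
An added example, not part of either message or of Keystone's code: a check over an [ldap] section shaped like the one quoted above that separates the two cases raised in the reply, ldaps:// (TLS from the start of the connection) and StartTLS on an ldap:// URL, and flags a simple bind made with neither. The `use_tls` option and the function name are hypothetical; the thread does not define a StartTLS setting.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample in the shape of the [ldap] section quoted above.
# "use_tls" is a hypothetical option standing in for a StartTLS switch.
SAMPLE = """
[ldap]
url = ldap://localhost
user = cn=Admin
password = password
suffix = 'cn=example,cn=com'
"""

def transport_findings(text):
    """Return a list of (severity, message) for the [ldap] section."""
    # interpolation=None so a '%' in a bind password is read literally
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("ldap"):
        return [("error", "no [ldap] section")]
    sec = cp["ldap"]
    scheme = urlparse(sec.get("url", "").strip("'\"")).scheme.lower()
    starttls = sec.getboolean("use_tls", fallback=False)  # hypothetical key
    binds = bool(sec.get("password"))
    findings = []
    if scheme == "ldaps":
        findings.append(("ok", "implicit TLS (LDAPS) from connection start"))
        if starttls:
            # StartTLS upgrades a plain connection; it cannot be layered on LDAPS
            findings.append(("error", "StartTLS requested on an ldaps:// URL"))
    elif scheme == "ldap":
        if starttls:
            findings.append(("ok", "StartTLS upgrade before bind"))
        elif binds:
            findings.append(("high", "simple bind password sent in cleartext"))
        else:
            findings.append(("warn", "unencrypted anonymous LDAP"))
    else:
        findings.append(("error", "unsupported URL scheme %r" % scheme))
    return findings

if __name__ == "__main__":
    for severity, message in transport_findings(SAMPLE):
        print(severity, message)
```
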