charm-keystone-ldap/src
David Ames 7905625554 Enable Ocata Amulet Tests
- Add Zesty as a supported series to metadata.yaml.
- Turn on Xenial-Ocata Amulet test definitions.
- Sync charm helpers to get Juju 2.x amulet compatibility.
- Keeping Zesty-Ocata Amulet test definitions turned off until the
  metadata.yaml changes propagate to the charm store.
- Sync tox.ini to resolve amulet test failures.
- Drop direct install of python-ldap and let python-ldappool pull
  in the right dependency, resolving Ocata install issues.

Change-Id: I25f3e904a4727af4efb80c36c45e4c0a21f26ec0
2017-03-28 15:49:53 +01:00
lib/charm/openstack Enable Ocata Amulet Tests 2017-03-28 15:49:53 +01:00
reactive Initial baseline of charm 2017-01-27 14:31:20 +00:00
templates Add support for ldap-config-flags 2017-01-27 15:07:32 +00:00
tests Enable Ocata Amulet Tests 2017-03-28 15:49:53 +01:00
README.md Documentation for complex LDAP options 2017-03-24 14:03:22 -07:00
config.yaml Documentation for complex LDAP options 2017-03-24 14:03:22 -07:00
copyright Initial baseline of charm 2017-01-27 14:31:20 +00:00
icon.svg Update icon 2017-01-27 17:40:29 +00:00
layer.yaml Initial baseline of charm 2017-01-27 14:31:20 +00:00
metadata.yaml Enable Ocata Amulet Tests 2017-03-28 15:49:53 +01:00
test-requirements.txt Add basic amulet tests, with AMULET overrides for configuration 2017-01-30 12:33:13 +00:00
tox.ini Enable Ocata Amulet Tests 2017-03-28 15:49:53 +01:00

README.md

Overview

This subordinate charm provides an LDAP domain backend for integrating a Keystone v3 deployment with an external LDAP-based authentication system.

Usage

Use this charm with the Keystone charm, running with preferred-api-version=3:

juju deploy keystone
juju config keystone preferred-api-version=3
juju deploy keystone-ldap
juju add-relation keystone-ldap keystone

Configuration Options

LDAP configuration is provided to this charm via configuration options:

juju config keystone-ldap ldap-server="ldap://10.10.10.10/" \
            ldap-user="cn=admin,dc=test,dc=com" \
            ldap-password="password" \
            ldap-suffix="dc=test,dc=com"

By default, the name of the application ('keystone-ldap') is used as the name of the domain for which a domain-specific configuration is created; you can change this using the domain-name option:

juju config keystone-ldap domain-name="myorganisationname"

The keystone charm will automatically create a domain to support the backend once deployed.

LDAP configurations can be quite complex. The ldap-config-flags configuration option provides the mechanism to pass arbitrary configuration options to keystone in order to handle any given LDAP backend's specific requirements.

For very simple LDAP configurations, a string of comma-delimited key=value pairs can be used:

juju config keystone-ldap \
    ldap-config-flags="user_id_attribute=cn,user_name_attribute=cn"

For more complex configurations, such as working with Active Directory, use a configuration YAML file:

juju config keystone-ldap --file flags-config.yaml

Here flags-config.yaml has contents similar to the following. The ldap-config-flags value uses a JSON-like string for the key-value pairs:

keystone-ldap:
    ldap-config-flags: "{
            user_tree_dn: 'DC=dc1,DC=ad,DC=example,DC=com',
            user_filter: '(memberOf=CN=users-cn,OU=Groups,DC=dc1,DC=ad,DC=example,DC=com)',
            query_scope: sub,
            user_objectclass: person,
            user_name_attribute: sAMAccountName,
            user_id_attribute: sAMAccountName,
            user_mail_attribute: mail,
            user_enabled_attribute: userAccountControl,
            user_enabled_mask: 2,
            user_enabled_default: 512,
            user_attribute_ignore: 'password,tenant_id,tenants',
            user_allow_create: False,
            user_allow_update: False,
            user_allow_delete: False,
        }"

Note the double quotes and braces around the whole string, and the single quotes around the individual complex values.
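
The following helper is an added example, not part of the charm or its README. It takes a dict of keystone LDAP options and picks between the two ldap-config-flags forms described above, applying the quoting rules from the note. The function names, the set of characters treated as "plain", and the single-line layout of the brace string are assumptions of this example.

```python
import re

# Assumption of this example: values made only of these characters need
# no quoting in either form. Anything else (commas, '=', parentheses,
# spaces) is treated as a "complex" value.
_PLAIN = re.compile(r"^[A-Za-z0-9_.\-]+$")
_KEY = re.compile(r"^[a-z][a-z0-9_]*$")


def _scalar(value):
    """Render one value for the brace form, single-quoting complex values."""
    text = str(value)
    if '"' in text or "\\" in text or "\n" in text:
        # These would need escaping inside the outer double-quoted string;
        # refuse rather than emit a value that is silently re-interpreted.
        raise ValueError("unsupported character in flag value: %r" % text)
    if _PLAIN.match(text):
        return text
    # Inside a single-quoted YAML scalar a literal quote is doubled.
    return "'" + text.replace("'", "''") + "'"


def render_flags(flags, application="keystone-ldap"):
    """Return (form, text) for a dict of LDAP options.

    form is "simple": text is the value for ldap-config-flags=... on the
    command line, or "yaml": text is the content of a file for --file.
    """
    for key in flags:
        if not _KEY.match(key):
            raise ValueError("suspicious option name: %r" % key)
    if all(_PLAIN.match(str(v)) for v in flags.values()):
        return "simple", ",".join("%s=%s" % kv for kv in flags.items())
    body = ", ".join("%s: %s" % (k, _scalar(v)) for k, v in flags.items())
    return "yaml", '%s:\n  ldap-config-flags: "{%s}"\n' % (application, body)


if __name__ == "__main__":
    # Constructed sample input mirroring options shown in this README.
    sample = {
        "user_tree_dn": "DC=dc1,DC=ad,DC=example,DC=com",
        "user_filter": "(memberOf=CN=users-cn,OU=Groups,DC=dc1,DC=ad,DC=example,DC=com)",
        "user_name_attribute": "sAMAccountName",
        "user_allow_create": False,
    }
    form, text = render_flags(sample)
    print(form)
    print(text)
```

A value such as a DN or an LDAP filter contains commas and '=' signs, so it cannot be split reliably in the comma-delimited form; the helper routes any such value to the file form.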

Bugs

Please report bugs on Launchpad.

For general questions please refer to the OpenStack Charm Guide.