Remove additional references to ldap role attribs

This removes additional references to ldap role attributes found
in the documentation and tests.

Commit I1bd02d5834814959a93601fe53f115d0f9cc08a8 removed the ldap
role backend.

Change-Id: If8e74aca9b983c0f0e9779ea6e5e1260c1eb6dd7
This commit is contained in:
Eric Brown 2016-01-20 16:09:19 -08:00 committed by Steve Martinelli
parent 73a39e1b9e
commit 0727114808
5 changed files with 1 additions and 17 deletions

View File

@ -1671,9 +1671,6 @@ The corresponding entries in the Keystone configuration file are:
user_tree_dn = ou=Users,dc=openstack,dc=org
user_objectclass = inetOrgPerson
role_tree_dn = ou=Roles,dc=openstack,dc=org
role_objectclass = organizationalRole
The default object classes and attributes are intentionally simplistic. They
reflect the common standard objects according to the LDAP RFCs. However, in a
live deployment, the correct attributes can be overridden to support a
@ -1701,10 +1698,6 @@ and you have only read access, in such case the configuration is:
user_allow_update = False
user_allow_delete = False
role_allow_create = True
role_allow_update = True
role_allow_delete = True
There are some configuration options for filtering users, tenants and roles, if
the backend is providing too much output, in such case the configuration will
look like:
@ -1713,7 +1706,6 @@ look like:
[ldap]
user_filter = (memberof=CN=openstack-users,OU=workgroups,DC=openstack,DC=org)
role_filter =
In case that the directory server does not have an attribute enabled of type
boolean for the user, there is several configuration parameters that can be
@ -1753,11 +1745,6 @@ specified classes in the LDAP module so you can configure them like:
user_enabled_mask = 2
user_enabled_default = 512
user_attribute_ignore = tenant_id,tenants
role_objectclass = organizationalRole
role_id_attribute = cn
role_name_attribute = ou
role_member_attribute = roleOccupant
role_attribute_ignore =
Debugging LDAP
--------------

View File

@ -438,7 +438,7 @@ class DomainConfigTests(object):
self.domain['id'], config)
# Try an option that IS in the standard conf, but neither whitelisted
# or marked as sensitive
config = {'ldap': {'role_tree_dn': uuid.uuid4().hex}}
config = {'identity': {'user_tree_dn': uuid.uuid4().hex}}
self.assertRaises(exception.InvalidDomainConfig,
self.domain_config_api.create_config,
self.domain['id'], config)

View File

@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
password = test
suffix = dc=openstack,dc=org
group_tree_dn = ou=UserGroups,dc=openstack,dc=org
role_tree_dn = ou=Roles,dc=openstack,dc=org
user_tree_dn = ou=Users,dc=openstack,dc=org
user_enabled_emulation = True
user_mail_attribute = mail

View File

@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
password = test
suffix = dc=openstack,dc=org
group_tree_dn = ou=UserGroups,dc=openstack,dc=org
role_tree_dn = ou=Roles,dc=openstack,dc=org
user_tree_dn = ou=Users,dc=openstack,dc=org
user_enabled_emulation = True
user_mail_attribute = mail

View File

@ -4,7 +4,6 @@ user = dc=Manager,dc=openstack,dc=org
password = test
suffix = dc=openstack,dc=org
group_tree_dn = ou=UserGroups,dc=openstack,dc=org
role_tree_dn = ou=Roles,dc=openstack,dc=org
user_tree_dn = ou=Users,dc=openstack,dc=org
user_enabled_emulation = True
user_mail_attribute = mail