Remove additional references to ldap role attribs
This removes additional references to ldap role attributes found in the documentation and tests. Commit I1bd02d5834814959a93601fe53f115d0f9cc08a8 removed the ldap role backend. Change-Id: If8e74aca9b983c0f0e9779ea6e5e1260c1eb6dd7
This commit is contained in:
parent
73a39e1b9e
commit
0727114808
@ -1671,9 +1671,6 @@ The corresponding entries in the Keystone configuration file are:
|
||||
user_tree_dn = ou=Users,dc=openstack,dc=org
|
||||
user_objectclass = inetOrgPerson
|
||||
|
||||
role_tree_dn = ou=Roles,dc=openstack,dc=org
|
||||
role_objectclass = organizationalRole
|
||||
|
||||
The default object classes and attributes are intentionally simplistic. They
|
||||
reflect the common standard objects according to the LDAP RFCs. However, in a
|
||||
live deployment, the correct attributes can be overridden to support a
|
||||
@ -1701,10 +1698,6 @@ and you have only read access, in such case the configuration is:
|
||||
user_allow_update = False
|
||||
user_allow_delete = False
|
||||
|
||||
role_allow_create = True
|
||||
role_allow_update = True
|
||||
role_allow_delete = True
|
||||
|
||||
There are some configuration options for filtering users, tenants and roles, if
|
||||
the backend is providing too much output, in such case the configuration will
|
||||
look like:
|
||||
@ -1713,7 +1706,6 @@ look like:
|
||||
|
||||
[ldap]
|
||||
user_filter = (memberof=CN=openstack-users,OU=workgroups,DC=openstack,DC=org)
|
||||
role_filter =
|
||||
|
||||
In case that the directory server does not have an attribute enabled of type
|
||||
boolean for the user, there is several configuration parameters that can be
|
||||
@ -1753,11 +1745,6 @@ specified classes in the LDAP module so you can configure them like:
|
||||
user_enabled_mask = 2
|
||||
user_enabled_default = 512
|
||||
user_attribute_ignore = tenant_id,tenants
|
||||
role_objectclass = organizationalRole
|
||||
role_id_attribute = cn
|
||||
role_name_attribute = ou
|
||||
role_member_attribute = roleOccupant
|
||||
role_attribute_ignore =
|
||||
|
||||
Debugging LDAP
|
||||
--------------
|
||||
|
@ -438,7 +438,7 @@ class DomainConfigTests(object):
|
||||
self.domain['id'], config)
|
||||
# Try an option that IS in the standard conf, but neither whitelisted
|
||||
# or marked as sensitive
|
||||
config = {'ldap': {'role_tree_dn': uuid.uuid4().hex}}
|
||||
config = {'identity': {'user_tree_dn': uuid.uuid4().hex}}
|
||||
self.assertRaises(exception.InvalidDomainConfig,
|
||||
self.domain_config_api.create_config,
|
||||
self.domain['id'], config)
|
||||
|
@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
|
||||
password = test
|
||||
suffix = dc=openstack,dc=org
|
||||
group_tree_dn = ou=UserGroups,dc=openstack,dc=org
|
||||
role_tree_dn = ou=Roles,dc=openstack,dc=org
|
||||
user_tree_dn = ou=Users,dc=openstack,dc=org
|
||||
user_enabled_emulation = True
|
||||
user_mail_attribute = mail
|
||||
|
@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
|
||||
password = test
|
||||
suffix = dc=openstack,dc=org
|
||||
group_tree_dn = ou=UserGroups,dc=openstack,dc=org
|
||||
role_tree_dn = ou=Roles,dc=openstack,dc=org
|
||||
user_tree_dn = ou=Users,dc=openstack,dc=org
|
||||
user_enabled_emulation = True
|
||||
user_mail_attribute = mail
|
||||
|
@ -4,7 +4,6 @@ user = dc=Manager,dc=openstack,dc=org
|
||||
password = test
|
||||
suffix = dc=openstack,dc=org
|
||||
group_tree_dn = ou=UserGroups,dc=openstack,dc=org
|
||||
role_tree_dn = ou=Roles,dc=openstack,dc=org
|
||||
user_tree_dn = ou=Users,dc=openstack,dc=org
|
||||
user_enabled_emulation = True
|
||||
user_mail_attribute = mail
|
||||
|
Loading…
Reference in New Issue
Block a user