Remove additional references to ldap role attribs

This removes additional references to ldap role attributes found
in the documentation and tests.

Commit I1bd02d5834814959a93601fe53f115d0f9cc08a8 removed the ldap
role backend.

Change-Id: If8e74aca9b983c0f0e9779ea6e5e1260c1eb6dd7

doc/source/configuration.rst

@@ -1671,9 +1671,6 @@ The corresponding entries in the Keystone configuration file are:
   user_tree_dn = ou=Users,dc=openstack,dc=org
   user_objectclass = inetOrgPerson
 
-  role_tree_dn = ou=Roles,dc=openstack,dc=org
-  role_objectclass = organizationalRole
-
 The default object classes and attributes are intentionally simplistic. They
 reflect the common standard objects according to the LDAP RFCs. However, in a
 live deployment, the correct attributes can be overridden to support a
@@ -1701,10 +1698,6 @@ and you have only read access, in such case the configuration is:
   user_allow_update = False
   user_allow_delete = False
 
-  role_allow_create = True
-  role_allow_update = True
-  role_allow_delete = True
-
 There are some configuration options for filtering users, tenants and roles, if
 the backend is providing too much output, in such case the configuration will
 look like:
@@ -1713,7 +1706,6 @@ look like:
 
   [ldap]
   user_filter = (memberof=CN=openstack-users,OU=workgroups,DC=openstack,DC=org)
-  role_filter =
 
 In case that the directory server does not have an attribute enabled of type
 boolean for the user, there is several configuration parameters that can be
@@ -1753,11 +1745,6 @@ specified classes in the LDAP module so you can configure them like:
   user_enabled_mask         = 2
   user_enabled_default      = 512
   user_attribute_ignore     = tenant_id,tenants
-  role_objectclass          = organizationalRole
-  role_id_attribute         = cn
-  role_name_attribute       = ou
-  role_member_attribute     = roleOccupant
-  role_attribute_ignore     =
 
 Debugging LDAP
 --------------

keystone/tests/unit/backend/domain_config/core.py

@@ -438,7 +438,7 @@ class DomainConfigTests(object):
                           self.domain['id'], config)
         # Try an option that IS in the standard conf, but neither whitelisted
         # or marked as sensitive
-        config = {'ldap': {'role_tree_dn': uuid.uuid4().hex}}
+        config = {'identity': {'user_tree_dn': uuid.uuid4().hex}}
         self.assertRaises(exception.InvalidDomainConfig,
                           self.domain_config_api.create_config,
                           self.domain['id'], config)

keystone/tests/unit/config_files/backend_liveldap.conf

@@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail

keystone/tests/unit/config_files/backend_pool_liveldap.conf

@@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail

keystone/tests/unit/config_files/backend_tls_liveldap.conf

@@ -4,7 +4,6 @@ user = dc=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail