More LDAP tweaks
parent
12004184f6
commit
49cfcd5ca7
20
README.md
20
README.md
|
@ -369,3 +369,23 @@ We could potentially integrate with those:
|
|||
[OAUTH2](http://oauth.net/2/)
|
||||
|
||||
[SAML] (http://saml.xml.org/)
|
||||
|
||||
### LDAP Setup
|
||||
|
||||
#### On a Mac
|
||||
|
||||
Using macports:
|
||||
sudo port install openldap
|
||||
|
||||
Looks like python-ldap needs recompiling to work. So:
|
||||
download it from here: http://pypi.python.org/pypi/python-ldap/2.4.1
|
||||
unpack it and go to the unpacked directory
|
||||
|
||||
edit setup.cfg (set lines below):
|
||||
|
||||
library_dirs = /opt/local/lib
|
||||
include_dirs = /opt/local/include /usr/include/sasl
|
||||
|
||||
then run:
|
||||
python setup.py build
|
||||
sudo python setup.py install
|
||||
|
|
|
@ -173,7 +173,8 @@ def Main():
|
|||
print "SUCCESS: Tenant %s created." % object.id
|
||||
return
|
||||
except Exception as exc:
|
||||
raise Exception("Failed to create tenant %s" % (object_id,), sys.exc_info())
|
||||
raise Exception("Failed to create tenant %s" % (object_id,),
|
||||
sys.exc_info())
|
||||
elif command == "list":
|
||||
try:
|
||||
objects = db_api.tenant.get_all()
|
||||
|
@ -395,6 +396,6 @@ if __name__ == '__main__':
|
|||
print "ERROR: %s" % (exc,)
|
||||
logging.error(str(exc))
|
||||
else:
|
||||
print "ERROR: %s: %s" % (exc.args[0], info[1].message)
|
||||
print "ERROR: %s: %s" % (exc.args[0], info)
|
||||
logging.error(exc.args[0], exc_info=info)
|
||||
sys.exit(1)
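Review bot: The replacement print in the second hunk formats `info` itself, and if `info` is the `sys.exc_info()` tuple that the first hunk passes as the second exception argument, the console line becomes a tuple repr with the exception class and a `<traceback object at 0x…>` address rather than a readable message. Formatting only the exception instance keeps the line readable and still works for exceptions that lack a `.message` attribute: `print "ERROR: %s: %s" % (exc.args[0], info[1])`. The full traceback already reaches the log through `logging.error(exc.args[0], exc_info=info)` on the next line, so nothing is lost by trimming the console output. The assignment of `info` is outside the hunk, so its type should be confirmed before the line is changed.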
|
||||
|
|
|
@ -17,7 +17,7 @@ log_file = keystone.log
|
|||
|
||||
# List of backends to be configured
|
||||
backends = keystone.backends.sqlalchemy,keystone.backends.alterdb
|
||||
#,keystone.backends.ldap
|
||||
#For LDAP support, add: ,keystone.backends.ldap
|
||||
|
||||
# Dictionary Maps every service to a header.Missing services would get header
|
||||
# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
|
||||
|
@ -48,7 +48,7 @@ keystone-admin-role = Admin
|
|||
# See: http://bit.ly/ideIpI
|
||||
sql_connection = sqlite:///keystone.db
|
||||
backend_entities = ['UserGroupAssociation', 'UserRoleAssociation', 'Endpoints',
|
||||
'Role', 'Tenant', 'User', 'Credentials', 'Group', 'EndpointTemplates']
|
||||
'Role', 'Tenant', 'User', 'Group', 'Credentials', 'EndpointTemplates']
|
||||
|
||||
# Period in seconds after which SQLAlchemy should reestablish its connection
|
||||
# to the database.
|
||||
|
@ -69,6 +69,8 @@ sql_idle_timeout = 30
|
|||
ldap_url = fake://ldap.db
|
||||
ldap_user = cn=Admin
|
||||
ldap_password = password
|
||||
backend_entities = ['Tenant', 'User', 'Group']
|
||||
|
||||
|
||||
[pipeline:admin]
|
||||
pipeline =
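Review bot: The added `backend_entities = ['Tenant', 'User', 'Group']` in the LDAP settings block names three entities that the SQL block's `backend_entities` list in the previous hunk still claims, and nothing in the file says which backend serves them once `keystone.backends.ldap` is appended to `backends`. A comment above the new line would settle this for operators, for example `# Entities served from LDAP when keystone.backends.ldap is listed in 'backends'`, ideally also stating the precedence if load order defines it. The same comment is a good place to say that `ldap_url = fake://ldap.db`, `ldap_user = cn=Admin` and `ldap_password = password` appear to be test placeholders and must be replaced, since the new README steps and the `#For LDAP support` hint make it more likely that this sample is copied into a real deployment. The settings block starts above the hunk, so its section header is not visible here.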
|
||||
|
|
|
@ -1,3 +1,20 @@
|
|||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright 2010 OpenStack LLC.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import ldap
|
||||
|
||||
import keystone.backends.api as top_api
|
||||
|
|
|
@ -9,6 +9,8 @@ if __name__ == '__main__':
|
|||
#remove pre-existing test databases
|
||||
subprocess.call(['rm', os.path.join(test_dir, 'keystone.db')])
|
||||
subprocess.call(['rm', os.path.join(test_dir, 'keystone.token.db')])
|
||||
subprocess.call(['rm', os.path.join(test_dir, 'ldap.db')])
|
||||
subprocess.call(['rm', os.path.join(test_dir, 'ldap.db.db')])
|
||||
|
||||
# populate the test database
|
||||
subprocess.check_call([os.path.join(test_dir, '../../bin/sampledata.sh')])
|
||||
|
@ -39,3 +41,5 @@ if __name__ == '__main__':
|
|||
# remove test databases
|
||||
subprocess.call(['rm', os.path.join(test_dir, 'keystone.db')])
|
||||
subprocess.call(['rm', os.path.join(test_dir, 'keystone.token.db')])
|
||||
subprocess.call(['rm', os.path.join(test_dir, 'ldap.db')])
|
||||
subprocess.call(['rm', os.path.join(test_dir, 'ldap.db.db')])
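Review bot: The added cleanup lines remove both `ldap.db` and `ldap.db.db`, in the setup hunk and again in the teardown hunk, with nothing to tell a reader whether the doubled suffix is deliberate or a typo. If the second name exists because the fake LDAP store appends its own `.db` suffix (presumably, as the store is not visible on this page), a comment such as `# the fake LDAP store may append .db to the ldap.db name from keystone.conf` above each pair would make that clear. The four file names are now listed twice, so a single tuple of names iterated in both places would keep setup and teardown from drifting apart. Both statement runs sit inside the `if __name__ == '__main__':` block, which begins outside the hunks.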
|
||||
|
|
|
@ -8,4 +8,4 @@ sqlalchemy
|
|||
webob
|
||||
Routes
|
||||
httplib2
|
||||
python-ldap # optional authentication backend
|
||||
python-ldap # optional authentication backend (may require OpenLDAP libs)
|
||||
|
|