More LDAP tweaks

README.md

@@ -369,3 +369,23 @@ We could potentially integrate with those:
 [OAUTH2](http://oauth.net/2/)
 
 [SAML] (http://saml.xml.org/)
+
+### LDAP Setup
+
+#### On a Mac
+
+Using macports:
+sudo port install openldap
+
+Looks like python-ldap needs recompiling to work. So:
+download it from here: http://pypi.python.org/pypi/python-ldap/2.4.1
+unpack it and go to the unpacked directory
+
+edit setup.cfg (set lines below):
+
+  library_dirs = /opt/local/lib
+  include_dirs = /opt/local/include /usr/include/sasl
+
+then run:
+python setup.py build
+sudo python setup.py install

bin/keystone-manage

@@ -173,7 +173,8 @@ def Main():
                 print "SUCCESS: Tenant %s created." % object.id
                 return
             except Exception as exc:
-                raise Exception("Failed to create tenant %s" % (object_id,), sys.exc_info())
+                raise Exception("Failed to create tenant %s" % (object_id,),
+                                sys.exc_info())
         elif command == "list":
             try:
                 objects = db_api.tenant.get_all()
@@ -395,6 +396,6 @@ if __name__ == '__main__':
             print "ERROR: %s" % (exc,)
             logging.error(str(exc))
         else:
-            print "ERROR: %s: %s" % (exc.args[0], info[1].message)
+            print "ERROR: %s: %s" % (exc.args[0], info)
             logging.error(exc.args[0], exc_info=info)
         sys.exit(1)

etc/keystone.conf

@@ -17,7 +17,7 @@ log_file = keystone.log
 
 # List of backends to be configured
 backends = keystone.backends.sqlalchemy,keystone.backends.alterdb
-#,keystone.backends.ldap
+#For LDAP support, add: ,keystone.backends.ldap
 
 # Dictionary Maps every service to a header.Missing services would get header 
 # X_(SERVICE_NAME) Key => Service Name, Value => Header Name
@@ -48,7 +48,7 @@ keystone-admin-role = Admin
 # See: http://bit.ly/ideIpI
 sql_connection = sqlite:///keystone.db
 backend_entities = ['UserGroupAssociation', 'UserRoleAssociation', 'Endpoints',
-	'Role', 'Tenant', 'User', 'Credentials', 'Group', 'EndpointTemplates']
+	'Role', 'Tenant', 'User', 'Group', 'Credentials', 'EndpointTemplates']
 
 # Period in seconds after which SQLAlchemy should reestablish its connection
 # to the database.
@@ -69,6 +69,8 @@ sql_idle_timeout = 30
 ldap_url = fake://ldap.db
 ldap_user = cn=Admin
 ldap_password = password
+backend_entities = ['Tenant', 'User', 'Group']
+
 
 [pipeline:admin]
 pipeline =

keystone/backends/ldap/__init__.py

@@ -1,3 +1,20 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2010 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
 import ldap
 
 import keystone.backends.api as top_api

keystone/test/run_tests.py

@@ -9,6 +9,8 @@ if __name__ == '__main__':
     #remove pre-existing test databases
     subprocess.call(['rm', os.path.join(test_dir, 'keystone.db')])
     subprocess.call(['rm', os.path.join(test_dir, 'keystone.token.db')])
+    subprocess.call(['rm', os.path.join(test_dir, 'ldap.db')])
+    subprocess.call(['rm', os.path.join(test_dir, 'ldap.db.db')])
 
     # populate the test database
     subprocess.check_call([os.path.join(test_dir, '../../bin/sampledata.sh')])
@@ -39,3 +41,5 @@ if __name__ == '__main__':
         # remove test databases
         subprocess.call(['rm', os.path.join(test_dir, 'keystone.db')])
         subprocess.call(['rm', os.path.join(test_dir, 'keystone.token.db')])
+        subprocess.call(['rm', os.path.join(test_dir, 'ldap.db')])
+        subprocess.call(['rm', os.path.join(test_dir, 'ldap.db.db')])

tools/pip-requires

@@ -8,4 +8,4 @@ sqlalchemy
 webob
 Routes
 httplib2
-python-ldap # optional authentication backend
+python-ldap # optional authentication backend (may require OpenLDAP libs)