Correct Tree DN

instead of cn=example,cn=com,ou=Users code now generates ou=Users,cn=example,cn=com Getting stricter in testing and adding some regression testing Fixes Bug 980209 Change-Id: Ib97e6cb00848ea183c7e1f2b2589b25924a08caa
2012-06-27 18:20:16 -04:00 · 2012-06-27 18:20:16 -04:00 · 58105d8f56
commit 58105d8f56
parent 478cde128b
4 changed files with 19 additions and 8 deletions
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@ -83,7 +83,7 @@ class BaseLdap(object):
                self.suffix = self.DEFAULT_SUFFIX
            dn = '%s_tree_dn' % self.options_name
            self.tree_dn = (getattr(conf.ldap, dn)
-                            or '%s,%s' % (self.suffix, self.DEFAULT_OU))
+                            or '%s,%s' % (self.DEFAULT_OU, self.suffix))

            idatt = '%s_id_attribute' % self.options_name
            self.id_attr = getattr(conf.ldap, idatt) or self.DEFAULT_ID_ATTR
--- a/keystone/config.py
+++ b/keystone/config.py
@ -151,20 +151,17 @@ register_str('password', group='ldap', default='freeipa4all')
 register_str('suffix', group='ldap', default='cn=example,cn=com')
 register_bool('use_dumb_member', group='ldap', default=False)

-register_str('user_tree_dn', group='ldap',
-             default='ou=Users,dc=example,dc=com')
+register_str('user_tree_dn', group='ldap', default=None)
 register_str('user_objectclass', group='ldap', default='inetOrgPerson')
 register_str('user_id_attribute', group='ldap', default='cn')

-register_str('tenant_tree_dn', group='ldap',
-             default='ou=Groups,dc=example,dc=com')
+register_str('tenant_tree_dn', group='ldap', default=None)
 register_str('tenant_objectclass', group='ldap', default='groupOfNames')
 register_str('tenant_id_attribute', group='ldap', default='cn')
 register_str('tenant_member_attribute', group='ldap', default='member')


-register_str('role_tree_dn', group='ldap',
-             default='ou=Roles,dc=example,dc=com')
+register_str('role_tree_dn', group='ldap', default=None)
 register_str('role_objectclass', group='ldap', default='organizationalRole')
 register_str('role_id_attribute', group='ldap', default='cn')
 register_str('role_member_attribute', group='ldap', default='roleOccupant')
--- a/tests/backend_ldap.conf
+++ b/tests/backend_ldap.conf
@ -3,7 +3,9 @@ url = fake://memory
 user = cn=Admin
 password = password
 backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
-tree_dn = cn=example,cn=com
+suffix = cn=example,cn=com
+
+

 [identity]
 driver = keystone.identity.backends.ldap.Identity
--- a/tests/test_backend_ldap.py
+++ b/tests/test_backend_ldap.py
@ -135,3 +135,15 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
        self.assertRaises(exception.NotImplemented,
                          self.identity_api.get_tenant_users,
                          tenant_id=uuid.uuid4().hex)
+
+    def test_build_tree(self):
+        """Regression test for building the tree names
+        """
+        self.config([test.etcdir('keystone.conf.sample'),
+                     test.testsdir('test_overrides.conf'),
+                     test.testsdir('backend_ldap.conf')])
+
+        user_api = identity_ldap.UserApi(CONF)
+        self.assertTrue(user_api)
+        self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)
+