Merge "Remove additional references to ldap role attribs"

2016-01-22 19:03:22 +00:00 · 2016-01-22 19:03:22 +00:00 · 6324ce1eba
parent ea4abae947 0727114808
commit 6324ce1eba
5 changed files with 1 additions and 17 deletions
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@ -1671,9 +1671,6 @@ The corresponding entries in the Keystone configuration file are:
  user_tree_dn = ou=Users,dc=openstack,dc=org
  user_objectclass = inetOrgPerson

-  role_tree_dn = ou=Roles,dc=openstack,dc=org
-  role_objectclass = organizationalRole
-
 The default object classes and attributes are intentionally simplistic. They
 reflect the common standard objects according to the LDAP RFCs. However, in a
 live deployment, the correct attributes can be overridden to support a
@ -1701,10 +1698,6 @@ and you have only read access, in such case the configuration is:
  user_allow_update = False
  user_allow_delete = False

-  role_allow_create = True
-  role_allow_update = True
-  role_allow_delete = True
-
 There are some configuration options for filtering users, tenants and roles, if
 the backend is providing too much output, in such case the configuration will
 look like:
@ -1713,7 +1706,6 @@ look like:

  [ldap]
  user_filter = (memberof=CN=openstack-users,OU=workgroups,DC=openstack,DC=org)
-  role_filter =

 In case that the directory server does not have an attribute enabled of type
 boolean for the user, there is several configuration parameters that can be
@ -1753,11 +1745,6 @@ specified classes in the LDAP module so you can configure them like:
  user_enabled_mask         = 2
  user_enabled_default      = 512
  user_attribute_ignore     = tenant_id,tenants
-  role_objectclass          = organizationalRole
-  role_id_attribute         = cn
-  role_name_attribute       = ou
-  role_member_attribute     = roleOccupant
-  role_attribute_ignore     =

 Debugging LDAP
 --------------
--- a/keystone/tests/unit/backend/domain_config/core.py
+++ b/keystone/tests/unit/backend/domain_config/core.py
@ -438,7 +438,7 @@ class DomainConfigTests(object):
                          self.domain['id'], config)
        # Try an option that IS in the standard conf, but neither whitelisted
        # or marked as sensitive
-        config = {'ldap': {'role_tree_dn': uuid.uuid4().hex}}
+        config = {'identity': {'user_tree_dn': uuid.uuid4().hex}}
        self.assertRaises(exception.InvalidDomainConfig,
                          self.domain_config_api.create_config,
                          self.domain['id'], config)
--- a/keystone/tests/unit/config_files/backend_liveldap.conf
+++ b/keystone/tests/unit/config_files/backend_liveldap.conf
@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail
--- a/keystone/tests/unit/config_files/backend_pool_liveldap.conf
+++ b/keystone/tests/unit/config_files/backend_pool_liveldap.conf
@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail
--- a/keystone/tests/unit/config_files/backend_tls_liveldap.conf
+++ b/keystone/tests/unit/config_files/backend_tls_liveldap.conf
@ -4,7 +4,6 @@ user = dc=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail