diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index 9757f436eb..3d37fadf76 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -1671,9 +1671,6 @@ The corresponding entries in the Keystone configuration file are: user_tree_dn = ou=Users,dc=openstack,dc=org user_objectclass = inetOrgPerson - role_tree_dn = ou=Roles,dc=openstack,dc=org - role_objectclass = organizationalRole - The default object classes and attributes are intentionally simplistic. They reflect the common standard objects according to the LDAP RFCs. However, in a live deployment, the correct attributes can be overridden to support a @@ -1701,10 +1698,6 @@ and you have only read access, in such case the configuration is: user_allow_update = False user_allow_delete = False - role_allow_create = True - role_allow_update = True - role_allow_delete = True - There are some configuration options for filtering users, tenants and roles, if the backend is providing too much output, in such case the configuration will look like: @@ -1713,7 +1706,6 @@ look like: [ldap] user_filter = (memberof=CN=openstack-users,OU=workgroups,DC=openstack,DC=org) - role_filter = In case that the directory server does not have an attribute enabled of type boolean for the user, there is several configuration parameters that can be @@ -1753,11 +1745,6 @@ specified classes in the LDAP module so you can configure them like: user_enabled_mask = 2 user_enabled_default = 512 user_attribute_ignore = tenant_id,tenants - role_objectclass = organizationalRole - role_id_attribute = cn - role_name_attribute = ou - role_member_attribute = roleOccupant - role_attribute_ignore = Debugging LDAP -------------- diff --git a/keystone/tests/unit/backend/domain_config/core.py b/keystone/tests/unit/backend/domain_config/core.py index a9a703e08b..0278dfff32 100644 --- a/keystone/tests/unit/backend/domain_config/core.py +++ b/keystone/tests/unit/backend/domain_config/core.py 
@@ -438,7 +438,7 @@ class DomainConfigTests(object):
 self.domain['id'], config)
 # Try an option that IS in the standard conf, but neither whitelisted
 # or marked as sensitive
- config = {'ldap': {'role_tree_dn': uuid.uuid4().hex}}
+ config = {'identity': {'user_tree_dn': uuid.uuid4().hex}}
 self.assertRaises(exception.InvalidDomainConfig,
 self.domain_config_api.create_config,
 self.domain['id'], config)
diff --git a/keystone/tests/unit/config_files/backend_liveldap.conf b/keystone/tests/unit/config_files/backend_liveldap.conf
index cedc0f1099..bb9ee08f51 100644
--- a/keystone/tests/unit/config_files/backend_liveldap.conf
+++ b/keystone/tests/unit/config_files/backend_liveldap.conf
@@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail
diff --git a/keystone/tests/unit/config_files/backend_pool_liveldap.conf b/keystone/tests/unit/config_files/backend_pool_liveldap.conf
index 0dd023b746..c36e05f951 100644
--- a/keystone/tests/unit/config_files/backend_pool_liveldap.conf
+++ b/keystone/tests/unit/config_files/backend_pool_liveldap.conf
@@ -4,7 +4,6 @@ user = cn=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail
diff --git a/keystone/tests/unit/config_files/backend_tls_liveldap.conf b/keystone/tests/unit/config_files/backend_tls_liveldap.conf
index 2ce21f092b..b66044b728 100644
--- a/keystone/tests/unit/config_files/backend_tls_liveldap.conf
+++ b/keystone/tests/unit/config_files/backend_tls_liveldap.conf
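Review bot: In the keystone/tests/unit/backend/domain_config/core.py hunk, the new value `{'identity': {'user_tree_dn': ...}}` no longer matches the comment above it, because `user_tree_dn` is shown under `[ldap]` in the configuration.rst context of this same commit and so is not an option "in the standard conf" for the `identity` group. `InvalidDomainConfig` is probably still raised, but likely for an unknown group/option pair rather than for an option that exists yet is neither whitelisted nor sensitive. That would leave the whitelist rejection, the check that keeps arbitrary settings from being stored through the domain-config API, without a negative test. Consider an option that is registered in its group but absent from the whitelist, for example `config = {'identity': {'default_domain_id': uuid.uuid4().hex}}` if that option is indeed not whitelisted; the whitelist itself is not visible here. The enclosing test method starts and ends outside the hunk.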
@@ -4,7 +4,6 @@ user = dc=Manager,dc=openstack,dc=org
 password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
-role_tree_dn = ou=Roles,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
 user_enabled_emulation = True
 user_mail_attribute = mail