Remove more ldap project references

Commit I848bf41022224fec65cd9555a6e82790b296dcbe removed the
LDAP resource and assignment backends. As a result, some more
items can be removed, namely:

* ProjectLdapStructureMixin class is no longer used anywhere.
* references to project related ldap attributes in test conf files
* removal of references to ldap project attributes in configuration
  doc

Change-Id: I3efb32c39d3077f787e31533ef5407948a5d8cfd

doc/source/configuration.rst

@@ -1671,9 +1671,6 @@ The corresponding entries in the Keystone configuration file are:
   user_tree_dn = ou=Users,dc=openstack,dc=org
   user_objectclass = inetOrgPerson
 
-  project_tree_dn = ou=Projects,dc=openstack,dc=org
-  project_objectclass = groupOfNames
-
   role_tree_dn = ou=Roles,dc=openstack,dc=org
   role_objectclass = organizationalRole
 
@@ -1704,10 +1701,6 @@ and you have only read access, in such case the configuration is:
   user_allow_update = False
   user_allow_delete = False
 
-  project_allow_create = True
-  project_allow_update = True
-  project_allow_delete = True
-
   role_allow_create = True
   role_allow_update = True
   role_allow_delete = True
@@ -1720,7 +1713,6 @@ look like:
 
   [ldap]
   user_filter = (memberof=CN=openstack-users,OU=workgroups,DC=openstack,DC=org)
-  project_filter =
   role_filter =
 
 In case that the directory server does not have an attribute enabled of type
@@ -1761,13 +1753,6 @@ specified classes in the LDAP module so you can configure them like:
   user_enabled_mask         = 2
   user_enabled_default      = 512
   user_attribute_ignore     = tenant_id,tenants
-  project_objectclass       = groupOfNames
-  project_id_attribute      = cn
-  project_member_attribute  = member
-  project_name_attribute    = ou
-  project_desc_attribute    = description
-  project_enabled_attribute = extensionName
-  project_attribute_ignore  =
   role_objectclass          = organizationalRole
   role_id_attribute         = cn
   role_name_attribute       = ou
@@ -1797,14 +1782,13 @@ Enabled Emulation
 -----------------
 
 Some directory servers do not provide any enabled attribute. For these servers,
-the ``user_enabled_emulation`` and ``project_enabled_emulation`` attributes
+the ``user_enabled_emulation`` attribute has been created. It is enabled by
-have been created. They are enabled by setting their respective flags to True.
+setting the respective flags to True. Then the attribute
-Then the attributes ``user_enabled_emulation_dn`` and
+``user_enabled_emulation_dn`` may be set to specify how the enabled users are
-``project_enabled_emulation_dn`` may be set to specify how the enabled users
+selected. This attribute works by using a ``groupOfNames`` entry and adding
-and projects (tenants) are selected. These attributes work by using a
+whichever users or that you want enabled to the respective group with the
-``groupOfNames`` entry and adding whichever users or projects (tenants) that
+``member`` attribute. For example, this will mark any user who is a member of
-you want enabled to the respective group with the ``member`` attribute. For
+``enabled_users`` as enabled:
-example, this will mark any user who is a member of ``enabled_users`` as enabled:
 
 .. code-block:: ini
 
@@ -1812,15 +1796,14 @@ example, this will mark any user who is a member of ``enabled_users`` as enabled
   user_enabled_emulation = True
   user_enabled_emulation_dn = cn=enabled_users,cn=groups,dc=openstack,dc=org
 
-The default values for user and project (tenant) enabled emulation DN is
+The default values for user enabled emulation DN is
-``cn=enabled_users,$user_tree_dn`` and ``cn=enabled_tenants,$project_tree_dn``
+``cn=enabled_users,$user_tree_dn``.
-respectively.
+
 
 If a different LDAP schema is used for group membership, it is possible to use
 the ``group_objectclass`` and ``group_member_attribute`` attributes to
 determine membership in the enabled emulation group by setting the
-``user_enabled_emulation_use_group_config`` and
+``user_enabled_emulation_use_group_config`` attribute to True.
-``project_enabled_emulation_use_group_config`` attributes to True.
 
 Secure Connection
 -----------------

keystone/common/ldap/core.py

@@ -1950,24 +1950,3 @@ class EnabledEmuMixIn(BaseLdap):
         if self.enabled_emulation:
             self._remove_enabled(object_id)
         super(EnabledEmuMixIn, self).delete(object_id)
-
-
-class ProjectLdapStructureMixin(object):
-    """Project LDAP Structure shared between LDAP backends.
-
-    This is shared between the resource and assignment LDAP backends.
-
-    """
-
-    DEFAULT_OU = 'ou=Groups'
-    DEFAULT_STRUCTURAL_CLASSES = []
-    DEFAULT_OBJECTCLASS = 'groupOfNames'
-    DEFAULT_ID_ATTR = 'cn'
-    NotFound = exception.ProjectNotFound
-    notfound_arg = 'project_id'  # NOTE(yorik-sar): while options_name = tenant
-    options_name = 'project'
-    attribute_options_names = {'name': 'name',
-                               'description': 'desc',
-                               'enabled': 'enabled',
-                               'domain_id': 'domain_id'}
-    immutable_attrs = ['name']

keystone/tests/unit/config_files/backend_liveldap.conf

@@ -5,10 +5,7 @@ password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
 role_tree_dn = ou=Roles,dc=openstack,dc=org
-project_tree_dn = ou=Projects,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
-project_enabled_emulation = True
 user_enabled_emulation = True
 user_mail_attribute = mail
 use_dumb_member = True
-

keystone/tests/unit/config_files/backend_pool_liveldap.conf

@@ -5,9 +5,7 @@ password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
 role_tree_dn = ou=Roles,dc=openstack,dc=org
-project_tree_dn = ou=Projects,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
-project_enabled_emulation = True
 user_enabled_emulation = True
 user_mail_attribute = mail
 use_dumb_member = True

keystone/tests/unit/config_files/backend_tls_liveldap.conf

@@ -5,9 +5,7 @@ password = test
 suffix = dc=openstack,dc=org
 group_tree_dn = ou=UserGroups,dc=openstack,dc=org
 role_tree_dn = ou=Roles,dc=openstack,dc=org
-project_tree_dn = ou=Projects,dc=openstack,dc=org
 user_tree_dn = ou=Users,dc=openstack,dc=org
-project_enabled_emulation = True
 user_enabled_emulation = True
 user_mail_attribute = mail
 use_dumb_member = True

keystone/tests/unit/test_ldap_livetest.py

@@ -69,9 +69,6 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
         create_object(CONF.ldap.role_tree_dn,
                       {'objectclass': 'organizationalUnit',
                        'ou': 'Roles'})
-        create_object(CONF.ldap.project_tree_dn,
-                      {'objectclass': 'organizationalUnit',
-                       'ou': 'Projects'})
         create_object(CONF.ldap.group_tree_dn,
                       {'objectclass': 'organizationalUnit',
                        'ou': 'UserGroups'})