e4ec12e811
Fixes Bug1040115 added several test cases, also provides a full ldap regression suite. Also added supplemental (simple) verification for CACERTFILE and CACERTDIR added a TLS disable option when ldaps URLs are used and did full regression tests using ldaps URLs and with TLS addresses ayoung's comments addresses dolphm's and Mouad's comments addresses gyee's doc request and bknudson's comments Change-Id: I639f2853df0ce5c10ae85b06214b26430d872aca
24 lines
676 B
Plaintext
24 lines
676 B
Plaintext
[ldap]
|
|
url = ldap://
|
|
user = dc=Manager,dc=openstack,dc=org
|
|
password = test
|
|
suffix = dc=openstack,dc=org
|
|
group_tree_dn = ou=UserGroups,dc=openstack,dc=org
|
|
role_tree_dn = ou=Roles,dc=openstack,dc=org
|
|
tenant_tree_dn = ou=Projects,dc=openstack,dc=org
|
|
domain_tree_dn = ou=Domains,dc=openstack,dc=org
|
|
user_tree_dn = ou=Users,dc=openstack,dc=org
|
|
tenant_enabled_emulation = True
|
|
user_enabled_emulation = True
|
|
domain_enabled_emulation = True
|
|
user_mail_attribute = mail
|
|
use_dumb_member = True
|
|
use_tls = True
|
|
tls_cacertfile = /etc/keystone/ssl/certs/cacert.pem
|
|
tls_cacertdir = /etc/keystone/ssl/certs/
|
|
tls_req_cert = demand
|
|
|
|
[identity]
|
|
driver = keystone.identity.backends.ldap.Identity
|
|
|