From 5a50a9c136a74ff53baa54032bcd479c194bf721 Mon Sep 17 00:00:00 2001
From: Gage Hugo <gagehugo@gmail.com>
Date: Thu, 5 Dec 2019 13:38:46 -0600
Subject: [PATCH] Map LDAP groups in keystone

This change adds the mapping that lets LDAP groups be mapped
to groups within keystone. It also adds a group list check to make
sure that groups are correctly mapped.

Change-Id: Ib3b00d3f801ba975202a921643510fcb642e0a90
---
 keystone/values_overrides/ldap.yaml             | 6 ++++++
 tools/deployment/component/keystone/keystone.sh | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/keystone/values_overrides/ldap.yaml b/keystone/values_overrides/ldap.yaml
index 8109017a37..510066ad3e 100644
--- a/keystone/values_overrides/ldap.yaml
+++ b/keystone/values_overrides/ldap.yaml
@@ -41,6 +41,12 @@ conf:
         user_mail_attribute: mail
         user_pass_attribute: userPassword
         group_tree_dn: "ou=Groups,dc=cluster,dc=local"
+        group_filter: ""
+        group_objectclass: posixGroup
+        group_id_attribute: cn
+        group_name_attribute: cn
+        group_desc_attribute: description
+        group_member_attribute: memberUID
         use_pool: true
         pool_size: 27
         pool_retry_max: 3
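Review bot: `group_member_attribute: memberUID` on a `posixGroup` holds bare uid strings rather than member DNs, and nothing in the added lines tells keystone to treat them that way. Unless it is set elsewhere in this file, I would add `group_members_are_ids: true` next to it and confirm that the user id attribute (outside this hunk) carries the same value as memberUid. Otherwise membership lookups will probably not resolve to users. Because group membership can carry role assignments, `group_filter: ""` also deserves a comment such as `# empty filter: every posixGroup under group_tree_dn is exposed in this domain`, or a narrower filter if only some groups should be assignable. The `conf:` block continues outside the hunk, so these settings may already exist there.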
diff --git a/tools/deployment/component/keystone/keystone.sh b/tools/deployment/component/keystone/keystone.sh
index d376e9df9b..7c20f16d81 100755
--- a/tools/deployment/component/keystone/keystone.sh
+++ b/tools/deployment/component/keystone/keystone.sh
@@ -44,6 +44,8 @@ FEATURE_GATE="ldap"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GAT
   openstack user list
   openstack user list --domain ldapdomain
 
+  openstack group list --domain ldapdomain
+
   openstack role add --user bob --project admin --user-domain ldapdomain --project-domain default admin
 
   domain="ldapdomain"
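Review bot: The added `openstack group list --domain ldapdomain` exits successfully even when the list is empty, so it shows that the call works but not that any LDAP group was actually mapped. To match the commit message, assert on a group the LDAP fixture is known to contain, for example `openstack group show --domain ldapdomain <GROUP_FROM_LDAP_FIXTURE>`. Membership matters too, since it is what group-based role assignments depend on, and `openstack group contains user --group-domain ldapdomain --user-domain ldapdomain <GROUP_FROM_LDAP_FIXTURE> bob` would cover it. Whether the script aborts on a failing command is not visible here, because the enclosing `if` block starts and ends outside the hunk.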