5604726bf7
Rather than trying to modle the 50+ ldap config options in the charms config.yaml, require the user to use the config flags option to insert them.
29 lines
1.1 KiB
YAML
29 lines
1.1 KiB
YAML
options:
|
|
domain-name:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Name of the keystone domain to configure; defaults to the deployed
|
|
application name.
|
|
ldap-config-flags:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The are ~50 LDAP configuration options supported by keystone.
|
|
Use a json like string with double quotes
|
|
and braces around all the options and single quotes around complex values.
|
|
"{user_tree_dn: 'DC=dc1,DC=ad,DC=example,DC=com',
|
|
user_allow_create: False,
|
|
user_allow_delete: False}"
|
|
See the README for more details.
|
|
tls-ca-ldap:
|
|
type: string
|
|
default: null
|
|
description: |
|
|
This option controls which certificate (or a chain) will be used to connect
|
|
to an ldap server(s) over TLS. Certificate contents should be either used
|
|
directly or included via include-file://
|
|
An LDAP url should also be considered as ldaps and StartTLS are both valid
|
|
methods of using TLS (see RFC 4513) with StartTLS using a non-ldaps url which,
|
|
of course, still requires a CA certificate.
|