Add trigger to setup a LDAP backend as keystone domaine
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo
who will call a define in puppet-keysone ldap_backend.pp.
Given the following environment:
parameter_defaults:
KeystoneLDAPDomainEnable: true
KeystoneLDAPBackendConfigs:
tripleoldap:
url: ldap://192.0.2.250
user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com
password: Secrete
suffix: dc=redhat,dc=example,dc=com
user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com
user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)"
user_objectclass: person
user_id_attribute: cn
user_allow_create: false
user_allow_update: false
user_allow_delete: false
ControllerExtraConfig:
nova::keystone::authtoken::auth_version: v3
cinder::keystone::authtoken::auth_version: v3
It would then create a domain called tripleoldap with an LDAP
configuration as defined by the hash. The parameters from the
hash are defined by the keystone::ldap_backend resource in
puppet-keystone.
More backends can be added as more entries to that hash.
This also enables multi-domain support for horizon.
Closes-Bug: 1677603
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db
Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2017-03-30 15:48:14 +02:00
|
|
|
# This is an example template on how to configure keystone domain specific LDAP
|
|
|
|
# backends. This will configure a domain called tripleoldap will the attributes
|
|
|
|
# specified.
|
|
|
|
parameter_defaults:
|
|
|
|
KeystoneLDAPDomainEnable: true
|
|
|
|
KeystoneLDAPBackendConfigs:
|
|
|
|
tripleoldap:
|
2017-04-07 10:51:08 +02:00
|
|
|
url: ldap://192.168.24.251
|
Add trigger to setup a LDAP backend as keystone domaine
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo
who will call a define in puppet-keysone ldap_backend.pp.
Given the following environment:
parameter_defaults:
KeystoneLDAPDomainEnable: true
KeystoneLDAPBackendConfigs:
tripleoldap:
url: ldap://192.0.2.250
user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com
password: Secrete
suffix: dc=redhat,dc=example,dc=com
user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com
user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)"
user_objectclass: person
user_id_attribute: cn
user_allow_create: false
user_allow_update: false
user_allow_delete: false
ControllerExtraConfig:
nova::keystone::authtoken::auth_version: v3
cinder::keystone::authtoken::auth_version: v3
It would then create a domain called tripleoldap with an LDAP
configuration as defined by the hash. The parameters from the
hash are defined by the keystone::ldap_backend resource in
puppet-keystone.
More backends can be added as more entries to that hash.
This also enables multi-domain support for horizon.
Closes-Bug: 1677603
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db
Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2017-03-30 15:48:14 +02:00
|
|
|
user: cn=openstack,ou=Users,dc=tripleo,dc=example,dc=com
|
|
|
|
password: Secrete
|
|
|
|
suffix: dc=tripleo,dc=example,dc=com
|
|
|
|
user_tree_dn: ou=Users,dc=tripleo,dc=example,dc=com
|
|
|
|
user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=tripleo,dc=example,dc=com)"
|
|
|
|
user_objectclass: person
|
|
|
|
user_id_attribute: cn
|
|
|
|
user_allow_create: false
|
|
|
|
user_allow_update: false
|
|
|
|
user_allow_delete: false
|