8e88083bbc
Keystone removed LDAP write support in Ocata. Prior to that it was deprecated for several releases. To minimize confusion, we should remove these configuration options from the domain-specific backend environment. They're silently ignored by keystone and give the impression that the functionality still exists. This helps keep our keystone configuration clean and up-to-date.

Relevant release notes that advertised this removal:

https://docs.openstack.org/releasenotes/keystone/ocata.html#relnotes-11-0-0-origin-stable-ocata-other-notes

Change-Id: I24660e34370820d6dc943e1b82a602e40305d5f4
16 lines
634 B
YAML
# This is an example template on how to configure keystone domain specific LDAP
# backends. This will configure a domain called tripleoldap with the attributes
# specified.
parameter_defaults:
  KeystoneLDAPDomainEnable: true
  KeystoneLDAPBackendConfigs:
    tripleoldap:
      url: ldap://192.168.24.251
      user: cn=openstack,ou=Users,dc=tripleo,dc=example,dc=com
      password: Secrete
      suffix: dc=tripleo,dc=example,dc=com
      user_tree_dn: ou=Users,dc=tripleo,dc=example,dc=com
      user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=tripleo,dc=example,dc=com)"
      user_objectclass: person
      user_id_attribute: cn
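The commit message notes that keystone silently ignores the removed write options, so a leftover setting produces no error. The following check is an added example, not part of this commit or the project's code: it scans an environment file's KeystoneLDAPBackendConfigs mapping for such leftovers. The option names in REMOVED_WRITE_OPTIONS are an assumption (keystone's former [ldap] write toggles; the page does not list them), and the sample input is constructed.

```python
import re

# Assumption: keystone's pre-Ocata [ldap] write toggles (user_allow_create, ...).
# The page does not name the removed options; confirm against the release notes.
REMOVED_WRITE_OPTIONS = {
    f"{kind}_allow_{op}"
    for kind in ("user", "group")
    for op in ("create", "update", "delete")
}
KEY_RE = re.compile(r"^(\s*)([\w.-]+):")  # comments and blank lines never match

# Constructed sample: the page's template plus leftover write options.
SAMPLE_ENV = """\
parameter_defaults:
  KeystoneLDAPDomainEnable: true
  KeystoneLDAPBackendConfigs:
    tripleoldap:
      url: ldap://192.168.24.251
      user_allow_create: false
      user_allow_update: false
      group_allow_delete: false
    otherdomain:
      user_id_attribute: cn
  OtherParameter:
    user_allow_create: true
"""


def find_ignored_options(env_text):
    """Return {domain: [removed options]} set under KeystoneLDAPBackendConfigs."""
    findings = {}
    base_indent = domain = domain_indent = None
    for line in env_text.splitlines():
        m = KEY_RE.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if key == "KeystoneLDAPBackendConfigs":
            base_indent, domain, domain_indent = indent, None, None
        elif base_indent is None or indent <= base_indent:
            base_indent = domain = domain_indent = None   # outside the mapping
        elif domain_indent is None or indent <= domain_indent:
            domain, domain_indent = key, indent            # a domain name
        elif key in REMOVED_WRITE_OPTIONS:
            findings.setdefault(domain, []).append(key)
    return findings


if __name__ == "__main__":
    print(find_ignored_options(SAMPLE_ENV))
```

The scanner relies on indentation rather than a YAML parser, so it expects block-style YAML like the template above.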