* Removes unused schema

* Removes MUST uid from novaUser
* Changes isAdmin to isNovaAdmin
* Adds two new configuration options:
** ldap_user_id_attribute, with a default of uid
** ldap_user_name_attribute, with a default of cn
* ldapdriver.py has been modified to use these changes

Rationale:

Removing uid from novaUser:

Requiring uid makes the schema very posix specific. Other schemas don't use uid for identifiers at all. This
change makes the schema more interoperable.

Changing isAdmin to isNovaAdmin:

This attribute is too generic. It doesn't describe what the user is an admin of, and in a pre-existing directory
is out of place. This change is to make the attribute more specific to the software.

Adding config options for id and name:

This is another interoperability change. This change makes the driver more compatible with directories like AD,
where sAMAccountName is used instead of uid. Also, some directory admins prefer to use displayName rather than
CN for full names of users.

nova/auth/ldapdriver.py

@@ -37,6 +37,8 @@ flags.DEFINE_string('ldap_url', 'ldap://localhost',
 flags.DEFINE_string('ldap_password', 'changeme', 'LDAP password')
 flags.DEFINE_string('ldap_user_dn', 'cn=Manager,dc=example,dc=com',
                     'DN of admin user')
+flags.DEFINE_string('ldap_user_id_attribute', 'uid', 'Attribute to use as id')
+flags.DEFINE_string('ldap_user_name_attribute', 'cn', 'Attribute to use as name')
 flags.DEFINE_string('ldap_user_unit', 'Users', 'OID for Users')
 flags.DEFINE_string('ldap_user_subtree', 'ou=Users,dc=example,dc=com',
                     'OU for Users')
@@ -131,12 +133,12 @@ class LdapDriver(object):
                              'inetOrgPerson',
                              'novaUser']),
             ('ou', [FLAGS.ldap_user_unit]),
-            ('uid', [name]),
+            (FLAGS.ldap_user_id_attribute, [name]),
             ('sn', [name]),
-            ('cn', [name]),
+            (FLAGS.ldap_user_name_attribute, [name]),
             ('secretKey', [secret_key]),
             ('accessKey', [access_key]),
-            ('isAdmin', [str(is_admin).upper()]),
+            ('isNovaAdmin', [str(is_admin).upper()]),
         ]
         self.conn.add_s(self.__uid_to_dn(name), attr)
         return self.__to_user(dict(attr))
@@ -274,7 +276,7 @@ class LdapDriver(object):
         if secret_key:
             attr.append((self.ldap.MOD_REPLACE, 'secretKey', secret_key))
         if admin is not None:
-            attr.append((self.ldap.MOD_REPLACE, 'isAdmin', str(admin).upper()))
+            attr.append((self.ldap.MOD_REPLACE, 'isNovaAdmin', str(admin).upper()))
         self.conn.modify_s(self.__uid_to_dn(uid), attr)
 
     def __user_exists(self, uid):
@@ -450,11 +452,11 @@ class LdapDriver(object):
         if attr == None:
             return None
         return {
-            'id': attr['uid'][0],
-            'name': attr['cn'][0],
+            'id': attr[FLAGS.ldap_user_id_attribute][0],
+            'name': attr[FLAGS.ldap_user_name_attribute][0],
             'access': attr['accessKey'][0],
             'secret': attr['secretKey'][0],
-            'admin': (attr['isAdmin'][0] == 'TRUE')}
+            'admin': (attr['isNovaAdmin'][0] == 'TRUE')}
 
     def __to_project(self, attr):
         """Convert ldap attributes to Project object"""
@@ -474,9 +476,10 @@ class LdapDriver(object):
         return dn.split(',')[0].split('=')[1]
 
     @staticmethod
-    def __uid_to_dn(dn):
+    def __uid_to_dn(uid):
         """Convert uid to dn"""
-        return 'uid=%s,%s' % (dn, FLAGS.ldap_user_subtree)
+        return FLAGS.ldap_user_id_attribute + '=%s,%s' \
+            % (uid, FLAGS.ldap_user_subtree)
 
 
 class FakeLdapDriver(LdapDriver):

nova/auth/nova_openldap.schema

@@ -30,20 +30,10 @@ attributetype (
     SINGLE-VALUE
     )
 
-attributetype (
-    novaAttrs:3
-    NAME 'keyFingerprint'
-    DESC 'Fingerprint of private key'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
 attributetype (
     novaAttrs:4
-    NAME 'isAdmin'
-    DESC 'Is user an administrator?'
+    NAME 'isNovaAdmin'
+    DESC 'Is user an nova administrator?'
     EQUALITY booleanMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
     SINGLE-VALUE
@@ -61,17 +51,7 @@ objectClass (
     NAME 'novaUser'
     DESC 'access and secret keys'
     AUXILIARY
-    MUST ( uid )
-    MAY  ( accessKey $ secretKey $ isAdmin )
-    )
-
-objectClass (
-    novaOCs:2
-    NAME 'novaKeyPair'
-    DESC 'Key pair for User'
-    SUP top
-    STRUCTURAL
-    MUST ( cn $ sshPublicKey $ keyFingerprint )
+    MAY  ( accessKey $ secretKey $ isNovaAdmin )
     )
 
 objectClass (

nova/auth/nova_sun.schema

@@ -8,9 +8,7 @@
 dn: cn=schema
 attributeTypes: ( 1.3.6.1.3.1.666.666.3.1 NAME 'accessKey' DESC 'Key for accessing data' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 attributeTypes: ( 1.3.6.1.3.1.666.666.3.2 NAME 'secretKey' DESC 'Secret key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-attributeTypes: ( 1.3.6.1.3.1.666.666.3.3 NAME 'keyFingerprint' DESC 'Fingerprint of private key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
-attributeTypes: ( 1.3.6.1.3.1.666.666.3.4 NAME 'isAdmin' DESC 'Is user an administrator?' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) 
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.4 NAME 'isNovaAdmin' DESC 'Is user a nova administrator?' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) 
 attributeTypes: ( 1.3.6.1.3.1.666.666.3.5 NAME 'projectManager' DESC 'Project Managers of a project' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-objectClasses: ( 1.3.6.1.3.1.666.666.4.1 NAME 'novaUser' DESC 'access and secret keys' SUP top AUXILIARY MUST ( uid ) MAY  ( accessKey $ secretKey $ isAdmin ) ) 
-objectClasses: ( 1.3.6.1.3.1.666.666.4.2 NAME 'novaKeyPair' DESC 'Key pair for User' SUP top STRUCTURAL MUST ( cn $ sshPublicKey $ keyFingerprint ) )
+objectClasses: ( 1.3.6.1.3.1.666.666.4.1 NAME 'novaUser' DESC 'access and secret keys' SUP top AUXILIARY MAY  ( accessKey $ secretKey $ isNovaAdmin ) ) 
 objectClasses: ( 1.3.6.1.3.1.666.666.4.3 NAME 'novaProject' DESC 'Container for project' SUP groupOfNames STRUCTURAL MUST ( cn $ projectManager ) )

nova/auth/openssh-lpk_openldap.schema

@@ -1,19 +0,0 @@
-#
-# LDAP Public Key Patch schema for use with openssh-ldappubkey
-# Author: Eric AUGE <eau@phear.org>
-#
-# Based on the proposal of : Mark Ruijter
-#
-
-
-# octetString SYNTAX
-attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
-	DESC 'MANDATORY: OpenSSH Public key'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
-# printableString SYNTAX yes|no
-objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
-	DESC 'MANDATORY: OpenSSH LPK objectclass'
-	MAY ( sshPublicKey $ uid )
-	)

nova/auth/openssh-lpk_sun.schema

@@ -1,10 +0,0 @@
-#
-# LDAP Public Key Patch schema for use with openssh-ldappubkey
-# Author: Eric AUGE <eau@phear.org>
-# 
-# Schema for Sun Directory Server.
-# Based on the original schema, modified by Stefan Fischer.
-#
-dn: cn=schema
-attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MAY ( sshPublicKey $ uid ) )