Both roles and projects are groupOfNames. Previously, we were differentiating projects from project roles by using the novaProject objectclass on the project, and not on the roles. This change removes novaProject, and uses the owner attribute instead of the projectManager attribute. Only projects should have an owner. We can differentiate projects from project roles by checking for the existence of this attribute. To check for the existence of an attribute in LDAP, a wildcard search is used. The fake LDAP driver did not support wildcard searches, so I put in "all or nothing" support for it. The wildcard search support doesn't work exactly like wildcard searches in LDAP, but will work for the case that's required.
		
			
				
	
	
		
#
# Person object for Nova
# inetorgperson with extra attributes
# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
#
#

# using internet experimental oid arc as per BP64 3.1
# ("BP64" is presumably BCP 64 / RFC 4520 -- confirm.)
#
# The three macros below give every definition in this file a short prefix:
# novaSchema is the base OID, attribute types are numbered under novaAttrs
# (base:3) and object classes under novaOCs (base:4).
#
# NOTE(review): 1.3.6.1.3 is the shared "experimental" arc, so these OIDs are
# not registered to this project and can collide with another schema loaded
# into the same server. A deployment that keeps this schema long-term would
# normally renumber it under an arc assigned to the operator.
objectidentifier novaSchema 1.3.6.1.3.1.666.666
objectidentifier novaAttrs novaSchema:3
objectidentifier novaOCs novaSchema:4

# accessKey: single-valued Directory String (syntax 1.3.6.1.4.1.1466.115.121.1.15),
# described as 'Key for accessing data'. Equality and substring filters on it
# are both case-insensitive, so two keys that differ only in letter case are
# the same value as far as the directory is concerned.
attributetype (
    novaAttrs:1
    NAME 'accessKey'
    DESC 'Key for accessing data'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE
    )

# secretKey: single-valued Directory String (syntax 1.3.6.1.4.1.1466.115.121.1.15)
# holding the 'Secret key'.
#
# NOTE(review): nothing in this definition protects the value. It is an
# ordinary string attribute, so it is returned as stored to any identity the
# server's access rules allow to read it. The schema relies entirely on ACLs.
#
# NOTE(review): the matching rules are the same as for accessKey. For secret
# material that means values differing only in letter case compare equal, and
# partial-value (substring) filters are permitted. Deployments should:
#   - deny read, search and compare on secretKey to everyone except the
#     service identity that needs it;
#   - not configure a substring index for it;
#   - consider caseExactMatch and dropping SUBSTR. Changing matching rules on
#     an attribute that is already deployed is a schema migration, so plan it
#     as one rather than editing this file in place.
attributetype (
    novaAttrs:2
    NAME 'secretKey'
    DESC 'Secret key'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE
    )

# isNovaAdmin: single-valued Boolean (syntax 1.3.6.1.4.1.1466.115.121.1.7)
# marking a user as an administrator.
#
# NOTE(review): this is a privilege flag stored on the user's own entry (it is
# an optional attribute of novaUser). If the directory's access rules let users
# modify their own entry, this attribute has to be excluded from that grant,
# otherwise the flag is self-assignable. Write access should be limited to the
# identity that manages accounts.
# NOTE(review): the attribute is optional, so what an absent value means is
# decided by the consumer -- presumably "not admin"; confirm in the auth driver.
attributetype (
    novaAttrs:4
    NAME 'isNovaAdmin'
    DESC 'Is user an nova administrator?'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE
    )

# novaUser: AUXILIARY object class that adds the three attributes above to an
# entry that already has a structural class (the file header names
# inetorgperson).
#
# Every attribute is listed under MAY, so the schema does not guarantee that a
# novaUser entry actually carries an access key, a secret key or the admin
# flag. Consumers have to handle each of them being absent.
# NOTE(review): because the credentials and the admin flag live on the person
# entry itself, any broad read or self-write rule on person entries applies to
# them too unless these attributes are carved out explicitly in the ACLs.
objectClass (
    novaOCs:1
    NAME 'novaUser'
    DESC 'access and secret keys'
    AUXILIARY
    MAY  ( accessKey $ secretKey $ isNovaAdmin )
    )