1. devstack
  2. Commit f41024e4b0b39f4b2d5d6bdb4873010f2e625b42
Browse code

Fixes Bug1130377 devstack ldap set values in keystone.conf

Addressed reviewers comments and added some extra properties
needed by latest version of keystone.
This fix sets some needed values in keystone.conf to ensure
that keystone can add entries to LDAP and remain schema
compliant. It creates a new special role (_member_) that
is needed by the latest version of keystone and also
fixes tenant_id to be tenantId.

Change-Id: Ia2a1ebb7cbedb0af106c74aa9181843cc9739f5d

Brad Topol authored on 2013/02/20 06:36:41
Showing 2 changed files
files/ldap/openstack.ldif
History View file @ f41024e
... ... 
@@ -19,3 +19,8 @@ ou: Roles
19 19 
 dn: ou=Projects,dc=openstack,dc=org
20 20 
 objectClass: organizationalUnit
21 21 
 ou: Projects
22 
+
23 
+dn: cn=9fe2ff9ee4384b1894a90878d3e92bab,ou=Roles,dc=openstack,dc=org
24 
+objectClass: organizationalRole
25 
+ou: _member_
26 
+cn: 9fe2ff9ee4384b1894a90878d3e92bab
lib/keystone
History View file @ f41024e
... ... 
@@ -99,6 +99,16 @@ function configure_keystone() {
99 99 
         iniset $KEYSTONE_CONF ldap password  $LDAP_PASSWORD
100 100 
         iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org"
101 101 
         iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org"
102 
+        iniset $KEYSTONE_CONF ldap use_dumb_member "True"
103 
+        iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId"
104 
+        iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled"
105 
+        iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory"
106 
+        iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"
107 
+        iniset $KEYSTONE_CONF ldap tenant_tree_dn "ou=Projects,dc=openstack,dc=org"
108 
+        iniset $KEYSTONE_CONF ldap user_domain_id_attribute "businessCategory"
109 
+        iniset $KEYSTONE_CONF ldap user_tree_dn "ou=Users,dc=openstack,dc=org"
110 
+        iniset $KEYSTONE_CONF DEFAULT member_role_id "9fe2ff9ee4384b1894a90878d3e92bab"
111 
+        iniset $KEYSTONE_CONF DEFAULT member_role_name "_member_"
102 112 
     fi
103 113
104 114 
     if [[  "$KEYSTONE_IDENTITY_BACKEND" == "ldap"  ]]; then