<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Use two separate domains for them.
Make the userids be "uuid@domainid" to be able to distinguish one
from the other.<br>
<br>
<br>
On 01/27/2014 04:27 PM, Simon Perfer wrote:<br>
</div>
<blockquote cite="mid:SNT147-W47EEC32A2A2C76B71AB79581A20@phx.gbl"
type="cite">
<div dir="ltr">
<div><span style="font-size: 12pt;">I'm looking to create a
simple Identity driver that will look at usernames. A small
number of specific users should be authenticated by looking
at a hard-coded password in keystone.conf, while any other
users should fall back to LDAP authentication.</span></div>
<div><br>
</div>
<div>I based my original driver on what's found here:</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="http://waipeng.wordpress.com/2013/09/30/openstack-ldap-authentication/"
target="_blank">http://waipeng.wordpress.com/2013/09/30/openstack-ldap-authentication/</a></div>
<div><br>
</div>
<div>As can be seen in the GitHub code (<a
moz-do-not-send="true"
href="https://raw.github.com/waipeng/keystone/8c18917558bebbded0f9c588f08a84b0ea33d9ae/keystone/identity/backends/ldapauth.py"
target="_blank" style="font-size: 12pt;">https://raw.github.com/waipeng/keystone/8c18917558bebbded0f9c588f08a84b0ea33d9ae/keystone/identity/backends/ldapauth.py</a>),
there's a _check_password() method which is supposedly called
at some point.</div>
<div><br>
</div>
<div>I've based my driver on this ldapauth.py file, and created
an Identity class which subclasses sql.Identity. Here's what I
have so far:</div>
<div><br>
</div>
<div>
<pre>CONF = config.CONF
LOG = logging.getLogger(__name__)</pre>
<p class="p1">Roles should also be scope-able</p>
<pre>class Identity(sql.Identity):
    def __init__(self):
        super(Identity, self).__init__()
        LOG.debug('My authentication module loaded')

    def _check_password(self, password, user_ref):
        LOG.debug('Authenticating via my custom hybrid authentication')

        username = user_ref.get('name')

        LOG.debug('Username = %s' % username)
</pre>
<p class="p1">I can see from the syslog output that we never
enter the _check_password() function.</p>
</div>
<div><br>
</div>
<div>Can someone point me in the right direction regarding which
function calls the identity driver? Also, what is the entry
function in the identity drivers? Why wouldn't
check_password() be called, as we see in the GitHub / blog
example above?</div>
<div><br>
</div>
<div>THANKS!</div>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
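The "uuid@domainid" scheme suggested in the reply at the top of this message, sketched as an added example that is not part of the original thread and does not use Keystone's driver API. The names HybridAuthenticator, split_user_id, hash_password, LOCAL_DOMAIN and LDAP_DOMAIN are hypothetical, the LDAP bind is a stub callable, and all credentials are constructed sample values.

```python
import hashlib
import hmac

LOCAL_DOMAIN = "local"  # hypothetical domain id for the few statically configured users
LDAP_DOMAIN = "ldap"    # hypothetical domain id for the directory-backed users

def split_user_id(user_id):
    """Split 'uuid@domainid' at the last '@' and reject ids without both parts."""
    uuid, sep, domain = user_id.rpartition("@")
    if not (uuid and sep and domain):
        raise ValueError("user id must look like uuid@domainid")
    return uuid, domain

def hash_password(password, salt):
    # Store a salted PBKDF2 hash in configuration instead of the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100000)

class HybridAuthenticator:
    def __init__(self, local_users, ldap_bind):
        self.local_users = local_users  # {uuid: (salt, hash)}
        self.ldap_bind = ldap_bind      # callable(uuid, password) returning bool

    def authenticate(self, user_id, password):
        try:
            uuid, domain = split_user_id(user_id)
        except ValueError:
            return False
        if domain == LOCAL_DOMAIN:
            entry = self.local_users.get(uuid)
            if entry is None:
                return False  # a local-domain id never falls through to LDAP
            salt, expected = entry
            return hmac.compare_digest(hash_password(password, salt), expected)
        if domain == LDAP_DOMAIN:
            return self.ldap_bind(uuid, password)
        return False  # unknown domain: fail closed

def demo():  # constructed sample logins; returns (results, uuids sent to LDAP)
    salt = b"constructed-salt"
    local = {"svc-backup": (salt, hash_password("constructed-local-pw", salt))}
    directory = {"alice": "constructed-ldap-pw", "svc-backup": "shadow-pw"}
    asked = []
    def fake_bind(uuid, password):  # stands in for a real LDAP bind
        asked.append(uuid)
        return directory.get(uuid) == password
    auth = HybridAuthenticator(local, fake_bind)
    ids = [("svc-backup@local", "constructed-local-pw"), ("svc-backup@local", "shadow-pw"),
           ("alice@ldap", "constructed-ldap-pw"), ("alice", "constructed-ldap-pw")]
    return [auth.authenticate(u, p) for u, p in ids], asked
```

Because the backend is chosen from the domain part of the id rather than by trying one store and falling back to the other, a directory entry that shares a name with a local account cannot authenticate as that account.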
</body>
</html>