Hi All,
<div><br></div><div>I've got a working implementation of quotas in Keystone. However it's only working for the KVS and SQL backends right now and I need it to work with LDAP before submitting it for review. I have limited experience with LDAP and only from an ops perspective, I've never developed any application code against an LDAP backed app, so I'm here asking for help.</div>
<div><br></div><div>My original plan was to just piggy back on the metadata code in the LDAP backend (like I did with SQL). But, as you can see from get_metadata [1] and create_metadata [2], it's not really there. Since that's not possible I'll need to build something myself but I'm not too sure what's the best way to go about doing that. Based on a bit of research, I've come up with a couple of options.</div>
<div><br></div><div>Option 1 - Separate Quota ou</div><div><br></div><div>Looking at ldap/core.py, I could create a new QuotaApi class with the fields</div><div><br></div><div><div> DEFAULT_OU = 'ou=Quota'</div>
<div> DEFAULT_STRUCTURAL_CLASSES = []</div><div> DEFAULT_OBJECTCLASS = '???'</div><div> DEFAULT_ID_ATTR = 'cn'</div><div> DEFAULT_MEMBER_ATTRIBUTE = 'cn'</div><div> options_name = 'quota'</div>
<div> attribute_mapping = {'quota': 'cn'}</div><div> model = models.Quota</div></div><div><br></div><div>The idea being that quota information is an ou associated with a tenant (somehow). I'm not sure how best to store the quota data itself in this case. Could it just be stored as JSON in the cn? I'm not sure if that's a good idea or a bad idea but I suspect bad...</div>
<div><br></div><div>Option 2 - Metadata Attribute on Tenant</div><div><br></div><div>Quotas are just an attribute of a Tenant so why not just add a single 'quotas' attribute to the Tenant ou. Then the quotas JSON could be stored in this attribute. This seems like a simple and straight-forward solution but I don't know how to add this attribute via an objectclass to Tenant.</div>
<div><br></div><div>How would I add a quotas attribute to the Tenant ou?</div><div>How would I reference that attribute?</div><div>Is there an existing attribute on Tenant where I could reasonably store the quotas JSON instead of adding another one?</div>
<div><br></div><div>Thoughts or feedback on these options? Are there any other options I'm missing?</div><div><br></div><div>Thanks,</div><div>Everett</div><div><br></div><div><br></div><div>[1] <a href="https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/core.py#L140-147" target="_blank">https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/core.py#L140-147</a></div>
<div>[2] <a href="https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/core.py#L205-206" target="_blank">https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/core.py#L205-206</a></div>