[Openstack] LDAP support in Keystone Light/redux

Adam Young ayoung at redhat.com
Thu Feb 9 02:29:03 UTC 2012


I've made some strides in the KSL  LDAP  implementation.  I've set up a 
github  clone with the code pushed:


https://github.com/admiyo/keystone/tree/ldap

The code is ugly,  as I'm in "Just get it working" mode.  Cleanup will 
happend prior to any attempt to merge with the Redux branch.  I've 
attempted to keep the same set of unit tests running as are used for the 
SQL backend.  The one delta is  Metadata, as I am not sure how (or even 
if) we want to reflect that in LDAP.  I've made those three unit tests 
no-ops for LDAP.

There are still more API calls to implement, (Tenant_Modify for example) 
and then I'll test out against a live Open LDAP  instance.

The one change I've made from the old config is that fields like URL  no 
longer have ldap_  in front of them,  so the config will look something like

[ldap]
url = ldap://localhost
user = cn=Admin
password = password
backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
suffix ='cn=example,cn=com'



Feedback requested.




More information about the Openstack mailing list