openstack/openstack-helm
Code Issues Proposed changes

Map LDAP groups in keystone

Browse Source 
This change adds in the mapping for LDAP groups to be mapped
to groups within keystone. Also adds a group list check to make
sure that groups are correctly mapped.

Change-Id: Ib3b00d3f801ba975202a921643510fcb642e0a90
This commit is contained in:
Gage Hugo 2019-12-05 13:38:46 -06:00
parent 040e6aa23a
commit 5a50a9c136
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
keystone/values_overrides/ldap.yaml
View File

@ -41,6 +41,12 @@ conf:
user_mail_attribute: mail user_mail_attribute: mail
user_pass_attribute: userPassword user_pass_attribute: userPassword
group_tree_dn: "ou=Groups,dc=cluster,dc=local" group_tree_dn: "ou=Groups,dc=cluster,dc=local"
group_filter: ""
group_objectclass: posixGroup
group_id_attribute: cn
group_name_attribute: cn
group_desc_attribute: description
group_member_attribute: memberUID
use_pool: true use_pool: true
pool_size: 27 pool_size: 27
pool_retry_max: 3 pool_retry_max: 3

2
tools/deployment/component/keystone/keystone.sh
View File

@ -44,6 +44,8 @@ FEATURE_GATE="ldap"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GAT
openstack user list openstack user list
openstack user list --domain ldapdomain openstack user list --domain ldapdomain
openstack group list --domain ldapdomain
openstack role add --user bob --project admin --user-domain ldapdomain --project-domain default admin openstack role add --user bob --project admin --user-domain ldapdomain --project-domain default admin
domain="ldapdomain" domain="ldapdomain"