# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE(lamt): This configuration is used to demonstrate how you would bootstrap
# a domain (named "default") that is backed by LDAP.  This can be used for
# demo and testing purposes, but care should be taken if additional domain is
# added to keystone. There can only be 1 domain that is SQL-backed in this
# scenario, as keystone currently cannot support multiple SQL-backed domains if
# the original bootstrapped domain is LDAP-based.

conf:
  keystone:
    identity:
      driver: ldap
    ldap:
      url: "ldap://ldap.openstack.svc.cluster.local:389"
      user: "cn=admin,dc=cluster,dc=local"
      password: password
      suffix: "dc=cluster,dc=local"
      user_attribute_ignore: "enabled,email,tenants,default_project_id"
      query_scope: sub
      user_enabled_emulation: True
      user_enabled_emulation_dn: "cn=overwatch,ou=Groups,dc=cluster,dc=local"
      user_tree_dn: "ou=People,dc=cluster,dc=local"
      user_enabled_mask: 2
      user_enabled_default: 512
      user_name_attribute: cn
      user_id_attribute: sn
      user_mail_attribute: mail
      user_pass_attribute: userPassword
      group_tree_dn: "ou=Groups,dc=cluster,dc=local"
endpoints:
  identity:
    auth:
      admin:
        username: bob
        password: password
      test:
        username: bob
        password: password