Andrew Bogott has submitted this change and it was merged.

Change subject: Switch keystone to mysql assignment from ldap.
......................................................................


Switch keystone to mysql assignment from ldap.

This needs to be merged during a migration window.

Bug: T115029
Change-Id: I4d9f44a8015529b9fb3a71ab3320487efb04c298
---
M modules/openstack/templates/kilo/keystone/keystone.conf.erb
1 file changed, 12 insertions(+), 23 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/templates/kilo/keystone/keystone.conf.erb 
b/modules/openstack/templates/kilo/keystone/keystone.conf.erb
index f53b21f..3e16967 100644
--- a/modules/openstack/templates/kilo/keystone/keystone.conf.erb
+++ b/modules/openstack/templates/kilo/keystone/keystone.conf.erb
@@ -66,6 +66,9 @@
 [identity]
 driver = keystone.identity.backends.ldap.Identity
 
+[assignment]
+driver = keystone.assignment.backends.sql.Assignment
+
 [catalog]
 # dynamic, sql-based backend (supports API/CLI-based management commands)
 driver = keystone.catalog.backends.sql.Catalog
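Review bot: The new `[assignment]` section carries no comment, and after this change the file splits authentication and authorization across two stores: `[identity]` still points at LDAP while role grants are read from SQL. A comment such as `# role assignments are stored in the keystone SQL database; users still come from LDAP (see [identity])` would make that explicit for whoever edits the template next. In Kilo the project/domain backend is, as far as I recall, derived from the assignment driver when `[resource]` is unset, so projects probably move to SQL implicitly here; adding a `[resource]` section with `driver = keystone.resource.backends.sql.Resource` would remove the guesswork. Because grants held in LDAP stop being consulted once this lands, the migrated SQL assignments are worth comparing against the old LDAP roles before the migration window closes.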
@@ -119,35 +122,21 @@
 url = ldap://<%= @keystoneconfig["ldap_host"] %>
 tree_dn = <%= @keystoneconfig["ldap_base_dn"] %>
 user_tree_dn = ou=people,<%= @keystoneconfig["ldap_base_dn"] %>
-tenant_tree_dn = ou=projects,<%= @keystoneconfig["ldap_base_dn"] %>
 user_id_attribute = <%= @keystoneconfig["ldap_user_id_attribute"] %>
-tenant_id_attribute = <%= @keystoneconfig["ldap_tenant_id_attribute"] %>
 user_name_attribute = <%= @keystoneconfig["ldap_user_name_attribute"] %>
-tenant_name_attribute = <%= @keystoneconfig["ldap_tenant_name_attribute"] %>
 user = <%= @keystoneconfig["ldap_user_dn"] %>
 password = <%= @keystoneconfig["ldap_user_pass"] %>
-# url = ldap://localhost
-# user = dc=Manager,dc=example,dc=com
-# password = None
-# suffix = cn=example,cn=com
-# use_dumb_member = False
 
-# user_tree_dn = ou=Users,dc=example,dc=com
-# user_objectclass = inetOrgPerson
-# user_id_attribute = cn
-# user_name_attribute = sn
+# former ldap-assignment settings:
+#tenant_tree_dn = ou=projects,<%= @keystoneconfig["ldap_base_dn"] %>
+#tenant_id_attribute = <%= @keystoneconfig["ldap_tenant_id_attribute"] %>
+#tenant_name_attribute = <%= @keystoneconfig["ldap_tenant_name_attribute"] %>
 
-# tenant_tree_dn = ou=Groups,dc=example,dc=com
-# tenant_objectclass = groupOfNames
-# tenant_id_attribute = cn
-# tenant_member_attribute = member
-# tenant_name_attribute = ou
-
-role_tree_dn = ou=roles,<%= @keystoneconfig["ldap_base_dn"] %>
-role_objectclass = organizationalRole
-role_id_attribute = cn
-role_name_attribute = cn
-role_member_attribute = roleOccupant
+#role_tree_dn = ou=roles,<%= @keystoneconfig["ldap_base_dn"] %>
+#role_objectclass = organizationalRole
+#role_id_attribute = cn
+#role_name_attribute = cn
+#role_member_attribute = roleOccupant
 
 [filter:debug]
 paste.filter_factory = keystone.common.wsgi:Debug.factory
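Review bot: The lines kept under `# former ldap-assignment settings:` are commented out only for keystone, not for ERB, so the `<%= @keystoneconfig[...] %>` tags in them are still evaluated and the rendered keystone.conf keeps printing the old tenant and role tree DNs and attribute names. That also leaves `ldap_tenant_id_attribute` and `ldap_tenant_name_attribute` as live inputs to the template, so they cannot be dropped from the config hash without changing the rendered output. I would delete the block and rely on history, or, if it has to stay for rollback, wrap it in ERB comments (`<%# ... %>`) and note when it can be removed. The `[ldap]` section starts above this hunk, so whether other assignment-related options remain in it is not visible here.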

-- 
To view, visit https://gerrit.wikimedia.org/r/268325

Gerrit-MessageType: merged
Gerrit-Change-Id: I4d9f44a8015529b9fb3a71ab3320487efb04c298
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
