Re: [openstack-dev] extending keystone identity

2014-01-28 Thread Simon Perfer
developers. From: dolph.math...@gmail.com Date: Mon, 27 Jan 2014 22:35:18 -0600 To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] extending keystone identity From your original email, it sounds like you want to extend the existing LDAP identity driver implementation, rather than

Re: [openstack-dev] extending keystone identity

2014-01-28 Thread Adam Young
Use two separate domains for them. Make the userids be uuid@domainid to be able distinguish one from the other. On 01/27/2014 04:27 PM, Simon Perfer wrote: I'm looking to create a simple Identity driver that will look at usernames. A small number of specific users should be authenticated by

Re: [openstack-dev] extending keystone identity

2014-01-28 Thread Simon Perfer
authentication projects we have coming down the pipe. Date: Tue, 28 Jan 2014 15:42:29 -0500 From: ayo...@redhat.com To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] extending keystone identity Use two separate domains for them. Make the userids be uuid@domainid

Re: [openstack-dev] extending keystone identity

2014-01-28 Thread Dolph Mathews
...@gmail.com Date: Mon, 27 Jan 2014 22:35:18 -0600 To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] extending keystone identity From your original email, it sounds like you want to extend the existing LDAP identity driver implementation, rather than writing a custom driver from

[openstack-dev] extending keystone identity

2014-01-27 Thread Simon Perfer
I'm looking to create a simple Identity driver that will look at usernames. A small number of specific users should be authenticated by looking at a hard-coded password in keystone.conf, while any other users should fall back to LDAP authentication. I based my original driver on what's found

Re: [openstack-dev] extending keystone identity

2014-01-27 Thread Dolph Mathews
_check_password() is a private/internal API, so we make no guarantees about it's stability. Instead, override the public authenticate() method with something like this: def authenticate(self, user_id, password, domain_scope=None): if user_id in SPECIAL_LIST_OF_USERS: #

Re: [openstack-dev] extending keystone identity

2014-01-27 Thread Simon Perfer
on why I'm not hitting this method? From: dolph.math...@gmail.com Date: Mon, 27 Jan 2014 18:14:50 -0600 To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] extending keystone identity _check_password() is a private/internal API, so we make no guarantees about it's stability

Re: [openstack-dev] extending keystone identity

2014-01-27 Thread Simon Perfer
-dev@lists.openstack.org Date: Mon, 27 Jan 2014 21:58:43 -0500 Subject: Re: [openstack-dev] extending keystone identity Dolph, I appreciate the response and pointing me in the right direction. Here's what I have so far: imports here CONF = config.CONF LOG = logging.getLogger(__name__

Re: [openstack-dev] extending keystone identity

2014-01-27 Thread Dolph Mathews
in figuring out what I'm missing. Thanks! -- From: simon.per...@hotmail.com To: openstack-dev@lists.openstack.org Date: Mon, 27 Jan 2014 21:58:43 -0500 Subject: Re: [openstack-dev] extending keystone identity Dolph, I appreciate the response and pointing me