summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMaksym Yatsenko <myatsenko@mirantis.com>2016-07-05 20:21:26 +0300
committerMaksym Yatsenko <myatsenko@mirantis.com>2016-07-07 16:26:59 +0300
commit895e53166bd55f8c54dcb54178631635ce9c81cc (patch)
tree0f85b98c3a8da71c8ffbe9edab977f996fececfc
parent3227f50ed8b9e9760713b3665e4aa62a08d5ef2a (diff)
Adds Plugin Guide.
Documentation of LDAP plugin for Fuel-9.0 was added. Change-Id: Ied40e1d731feea6eee8c306b3fdef6487da2038e
Notes
Notes (review): Code-Review+1: Alex Petrov <apetrov@mirantis.com> Code-Review+2: Vasyl Saienko <vsaienko@mirantis.com> Workflow+1: Vasyl Saienko <vsaienko@mirantis.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Thu, 07 Jul 2016 14:02:38 +0000 Reviewed-on: https://review.openstack.org/337801 Project: openstack/fuel-plugin-ldap Branch: refs/heads/master
-rw-r--r--doc/source/appendix.rst3
-rw-r--r--doc/source/changelog.rst16
-rw-r--r--doc/source/conf.py6
-rw-r--r--doc/source/configuration.rst97
-rw-r--r--doc/source/description.rst3
-rw-r--r--doc/source/guide.rst49
-rw-r--r--doc/source/images/additional_domains.pngbin0 -> 115407 bytes
-rw-r--r--doc/source/images/custom_proxy_configs.pngbin0 -> 64113 bytes
-rw-r--r--doc/source/images/dashboard.pngbin16667 -> 91744 bytes
-rw-r--r--doc/source/images/default_domain.pngbin16400 -> 92496 bytes
-rw-r--r--doc/source/images/domain_context.pngbin39395 -> 173190 bytes
-rw-r--r--doc/source/images/domains.pngbin48671 -> 197626 bytes
-rw-r--r--doc/source/images/enable_ldap_plugin.pngbin130419 -> 92585 bytes
-rw-r--r--doc/source/images/enable_ldap_proxy.pngbin0 -> 28332 bytes
-rw-r--r--doc/source/images/group_ldap_settings.pngbin42607 -> 42674 bytes
-rw-r--r--doc/source/images/ldap-checkbox.pngbin26732 -> 0 bytes
-rw-r--r--doc/source/images/ldap_plugin.pngbin125114 -> 89474 bytes
-rw-r--r--doc/source/images/ldap_proxy_param.pngbin0 -> 31305 bytes
-rw-r--r--doc/source/images/ldap_settings.pngbin22010 -> 19852 bytes
-rw-r--r--doc/source/images/ldap_settings_suffix.pngbin0 -> 12487 bytes
-rw-r--r--doc/source/images/project.pngbin60897 -> 148309 bytes
-rw-r--r--doc/source/images/project_members.pngbin61056 -> 156899 bytes
-rw-r--r--doc/source/images/proxy_base_config.pngbin0 -> 34989 bytes
-rw-r--r--doc/source/images/proxy_custom_config.pngbin0 -> 36358 bytes
-rw-r--r--doc/source/images/settings.pngbin102025 -> 67076 bytes
-rw-r--r--doc/source/images/tls_settings.pngbin126111 -> 135885 bytes
-rw-r--r--doc/source/images/user_ldap_settings.pngbin64847 -> 74231 bytes
-rw-r--r--doc/source/index.rst4
-rw-r--r--doc/source/installation.rst25
-rw-r--r--doc/source/limitations.rst11
-rw-r--r--doc/source/removal.rst10
-rw-r--r--doc/source/troubleshooting.rst41
-rw-r--r--doc/source/verification.rst12
33 files changed, 179 insertions, 98 deletions
diff --git a/doc/source/appendix.rst b/doc/source/appendix.rst
index 86148e8..881438e 100644
--- a/doc/source/appendix.rst
+++ b/doc/source/appendix.rst
@@ -5,6 +5,5 @@ Appendix
5Links 5Links
6========================= 6=========================
7 7
8- `Mirantis OpenStack User Guide <https://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html>`_ 8- `Mirantis OpenStack Documentation Center <https://docs.mirantis.com/openstack/fuel/fuel-9.0/>`_
9- `Fuel Plugins Catalog <https://www.mirantis.com/products/openstack-drivers-and-plugins/fuel-plugins/>`_ 9- `Fuel Plugins Catalog <https://www.mirantis.com/products/openstack-drivers-and-plugins/fuel-plugins/>`_
10- `Quick Start Guide <https://software.mirantis.com/quick-start/>`_
diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
new file mode 100644
index 0000000..17897cb
--- /dev/null
+++ b/doc/source/changelog.rst
@@ -0,0 +1,16 @@
1Release notes / Changelog
2=========================
3
4**3.0.0**
5
6* Support of ldap proxy
7* Compatibility with MOS 9.0
8
9**2.0.0**
10
11* Support of multi-domains
12* Compatibility with MOS 8.0
13
14**1.0.0**
15
16* This is the first release of the plugin
diff --git a/doc/source/conf.py b/doc/source/conf.py
index 1eab320..7808c35 100644
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@@ -9,10 +9,10 @@ source_suffix = '.rst'
9master_doc = 'index' 9master_doc = 'index'
10 10
11project = u'The LDAP plugin for Fuel' 11project = u'The LDAP plugin for Fuel'
12copyright = u'2015, Mirantis Inc.' 12copyright = u'2016, Mirantis Inc.'
13 13
14version = '1.0-1.0.0-1' 14version = '3.0-3.0.0-1'
15release = '1.0-1.0.0-1' 15release = '3.0-3.0.0-1'
16 16
17exclude_patterns = [] 17exclude_patterns = []
18 18
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 34bbacc..eb92dfa 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -5,26 +5,52 @@ Configuring LDAP plugin
5#. Create a new OpenStack environment to use an existing LDAP server as authentication 5#. Create a new OpenStack environment to use an existing LDAP server as authentication
6 backend for Keystone. 6 backend for Keystone.
7 For more information about environment creation, see `Mirantis OpenStack 7 For more information about environment creation, see `Mirantis OpenStack
8 User Guide <http://docs.mirantis.com/openstack 8 User Guide <http://docs.openstack.org/developer/fuel-docs
9 /fuel/fuel-7.0/user-guide.html#create-a-new-openstack-environment>`_. 9 /userdocs/fuel-user-guide/create-environment.html>`_.
10 10
11#. Open *Settings* tab of the Fuel Web UI, scroll the page down and select 11#. Open *Settings* tab of the Fuel Web UI, scroll the page down and select
12 the *LDAP plugin for Keystone* checkbox: 12 the *LDAP plugin for Keystone* checkbox:
13 13
14 .. image:: images/ldap-checkbox.png 14 .. image:: images/ldap_plugin.png
15 .. image:: images/enable_ldap_plugin.png
15 16
16#. Fill in plugin settings into the text field. LDAP plugin features the following 17#. Enter plugin settings into the text fields:
17 parameters to enter: 18
19 .. image:: images/settings.png
20
21 Specify domain name, LDAP URL, LDAP suffix:
22
23 .. image:: images/ldap_settings.png
24 .. image:: images/ldap_settings_suffix.png
25
26 Enable TLS use and put certificate if it is needed:
27
28 .. image:: images/tls_settings.png
29
30 Enable LDAP proxy and put custom config if it is needed:
31
32 .. image:: images/enable_ldap_proxy.png
33 .. image:: images/custom_proxy_configs.png
34
35 Specify LDAP user, password and other settings:
36
37 .. image:: images/user_ldap_settings.png
38
39 To use LDAP groups provide settings for it:
40
41 .. image:: images/group_ldap_settings.png
42
43 Fields description:
18 44
19 ================================== =============== 45 ================================== ===============
20 Field Comment 46 Field Comment
21 ================================== =============== 47 ================================== ===============
22 Domain name Name of the Keystone domain. 48 Domain name Name of the Keystone domain.
23 LDAP URL URL for connecting to the LDAP server. 49 LDAP URL URL for connecting to the LDAP server.
24 LDAP Suffix LDAP server suffix. 50 LDAP proxy Enable LDAP proxy.
25 Use TLS Enable TLS for communicating with the LDAP server. 51 Use TLS Enable TLS for communicating with the LDAP server.
26 CA Chain CA trust chain in PEM format. 52 CA Chain CA trust chain in PEM format.
27 53 LDAP Suffix LDAP server suffix.
28 LDAP User User BindDN to query the LDAP server. 54 LDAP User User BindDN to query the LDAP server.
29 LDAP User Password Password for the BindDN to query the LDAP 55 LDAP User Password Password for the BindDN to query the LDAP
30 server. 56 server.
@@ -45,31 +71,62 @@ Configuring LDAP plugin
45 Group Name Attribute LDAP attribute mapped to group name. 71 Group Name Attribute LDAP attribute mapped to group name.
46 Group Member Attribute LDAP attribute that maps user to group. 72 Group Member Attribute LDAP attribute that maps user to group.
47 Group description Attribute LDAP attribute mapped to description. 73 Group description Attribute LDAP attribute mapped to description.
74 Page Size Attribute Maximum results per page.
75 Chase referrals Attribute Referral chasing behavior for queries.
76 List of additional Domains Blocks of additional domains/parameters that should be created.
77 List of custom LDAP proxy configs List of custom LDAP proxy configs.
48 78
49 ================================== =============== 79 ================================== ===============
50
51 80
52 .. image:: images/settings.png 81#. To deploy an environment with support of multiple domains 'List of additional Domains'
82 text area should be used. All needed parameters that describes a domain should be copied there,
83 all parameters form a block of parameters.
84
85 .. image:: images/additional_domains.png
86
87 To add multiple domains such block of parameters should be added
88 to 'List of additional Domains' text area and these blocks should
89 be separated by empty line.
90
91#. To set up an environment with activated LDAP proxy 'LDAP proxy' checkbox should be selected.
92 When only 'LDAP proxy' checkbox is selected: it activates LDAP proxy for base domain and activates
93 LDAP proxy for additional domains if they have 'ldap_proxy=true' parameter in their configurations.
94
95 .. image:: images/enable_ldap_proxy.png
96 .. image:: images/ldap_proxy_param.png
97
98 In this case LDAP proxy configurations for LDAP domains are taken from templates located in the plugin.
99 Configurations from the templates have minimal functionality and they are intended for testing needs.
53 100
54 * Specify domain name, LDAP URL, LDAP suffix: 101 To specify custom settings for LDAP proxy 'List of custom LDAP proxy configs' text area should be used.
102 There can be specified base settings for a proxy service: 'includes', loglevel and etc. can be added to a
103 proxy configuration file. For this 'config_for' parameter with 'base_config' value should be specified and
104 after that needed settings should be added.
55 105
56 .. image:: images/ldap_settings.png 106 .. image:: images/proxy_base_config.png
57 107
58 * Enable TLS use and put certificate if it is needed: 108 To specify custom settings for LDAP domain 'config_for' parameter with <domain_name> value should be added
109 and after that custom settings can be specified.
59 110
60 .. image:: images/tls_settings.png 111 .. image:: images/proxy_custom_config.png
61 112
62 * Specify LDAP user, password and other settings: 113 Blocks of custom settings should be separated by empty line.
63 114
64 .. image:: images/user_ldap_settings.png 115#.Continue with environment configuration and deploy it;
116 for instructions, see
117 `Fuel User Guide <http://docs.openstack.org/developer/fuel-docs/mitaka/userdocs/fuel-user-guide.html>`_.
65 118
66 * To use LDAP groups, enter the corresponding values: 119#. After successful environment deployment log into dashboard in default domain:
67 120
68 .. image:: images/group_ldap_settings.png 121 .. image:: images/default_domain.png
69 122
123#. Go to Identity -> Domains, select needed domain and 'Set Domain Context' for the domain:
70 124
71#. Finalize environment configuration and run network verification check. 125 .. image:: images/domains.png
72 Once done, 126 .. image:: images/domain_context.png
73 `deploy your environment <http://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html#deploy-changes>`_.
74 127
128#. Go to Identity -> Projects and select 'Create Project' to create a new project for the domain
129 and add user members to the project:
75 130
131 .. image:: images/project.png
132 .. image:: images/project_members.png
diff --git a/doc/source/description.rst b/doc/source/description.rst
index 6ec0529..5b94584 100644
--- a/doc/source/description.rst
+++ b/doc/source/description.rst
@@ -17,9 +17,8 @@ Requirements
17================================== =============== 17================================== ===============
18Requirement Version/Comment 18Requirement Version/Comment
19================================== =============== 19================================== ===============
20Fuel 7.0 20Fuel 9.0
21Pre-configured LDAP server 21Pre-configured LDAP server
22MU (Maintenance Update) 3
23================================== =============== 22================================== ===============
24 23
25LDAP server should be pre-deployed and be accessible via Public network 24LDAP server should be pre-deployed and be accessible via Public network
diff --git a/doc/source/guide.rst b/doc/source/guide.rst
index 5d8e9f3..22d3865 100644
--- a/doc/source/guide.rst
+++ b/doc/source/guide.rst
@@ -2,57 +2,8 @@
2User Guide 2User Guide
3========== 3==========
4 4
5
6#. After successfull environment deployment, log into Horizon into the default domain:
7
8 .. image:: images/default_domain.png
9
10#. Go to Identity -> Domains, select the required domain and select
11 *Set Domain Context* for it:
12
13 .. image:: images/domains.png
14 .. image:: images/domain_context.png
15
16#. Go to Identity -> Projects and select 'Create Project' to create a new project for the domain
17 and add user members to the project:
18
19 .. image:: images/project.png
20 .. image:: images/project_members.png
21
22#. After successful deployment, all users from the LDAP directory matching the 5#. After successful deployment, all users from the LDAP directory matching the
23 configured filter criteria can authenticate against Keystone. To validate the 6 configured filter criteria can authenticate against Keystone. To validate the
24 configuration, log into the Horizon dashboard using LDAP credentials: 7 configuration, log into the Horizon dashboard using LDAP credentials:
25 8
26 .. image:: images/dashboard.png 9 .. image:: images/dashboard.png
27
28#. You can also try to obtain a token to validate authentication:
29
30 .. code-block:: bash
31
32 # curl -i -s -H "Content-Type: application/json" -d '
33 { "auth": {
34 "identity": {
35 "methods": ["password"],
36 "password": {
37 "user": {
38 "name": "admin",
39 "domain": { "id": "default" },
40 "password": "admin"
41 }
42 }
43 },
44 "scope": {
45 "project": {
46 "name": "admin",
47 "domain": { "id": "default" }
48 }
49 }
50 }
51 }' http://<dashboard_ip>:5000/v3/auth/tokens
52
53 HTTP/1.1 201 Created
54 X-Subject-Token: 77a7c2da81f54bb7b46efefa7c7bb5ae
55 Vary: X-Auth-Token
56 Content-Type: application/json
57 Content-Length: 2173
58
diff --git a/doc/source/images/additional_domains.png b/doc/source/images/additional_domains.png
new file mode 100644
index 0000000..c249373
--- /dev/null
+++ b/doc/source/images/additional_domains.png
Binary files differ
diff --git a/doc/source/images/custom_proxy_configs.png b/doc/source/images/custom_proxy_configs.png
new file mode 100644
index 0000000..a5f43dd
--- /dev/null
+++ b/doc/source/images/custom_proxy_configs.png
Binary files differ
diff --git a/doc/source/images/dashboard.png b/doc/source/images/dashboard.png
index c63947e..4f7eb92 100644
--- a/doc/source/images/dashboard.png
+++ b/doc/source/images/dashboard.png
Binary files differ
diff --git a/doc/source/images/default_domain.png b/doc/source/images/default_domain.png
index fe4df2c..f49ed81 100644
--- a/doc/source/images/default_domain.png
+++ b/doc/source/images/default_domain.png
Binary files differ
diff --git a/doc/source/images/domain_context.png b/doc/source/images/domain_context.png
index 5c8f750..57f9d6d 100644
--- a/doc/source/images/domain_context.png
+++ b/doc/source/images/domain_context.png
Binary files differ
diff --git a/doc/source/images/domains.png b/doc/source/images/domains.png
index 745a1a4..f4f3120 100644
--- a/doc/source/images/domains.png
+++ b/doc/source/images/domains.png
Binary files differ
diff --git a/doc/source/images/enable_ldap_plugin.png b/doc/source/images/enable_ldap_plugin.png
index edfc126..bcea68a 100644
--- a/doc/source/images/enable_ldap_plugin.png
+++ b/doc/source/images/enable_ldap_plugin.png
Binary files differ
diff --git a/doc/source/images/enable_ldap_proxy.png b/doc/source/images/enable_ldap_proxy.png
new file mode 100644
index 0000000..8eb7f1c
--- /dev/null
+++ b/doc/source/images/enable_ldap_proxy.png
Binary files differ
diff --git a/doc/source/images/group_ldap_settings.png b/doc/source/images/group_ldap_settings.png
index 44962f0..47c7102 100644
--- a/doc/source/images/group_ldap_settings.png
+++ b/doc/source/images/group_ldap_settings.png
Binary files differ
diff --git a/doc/source/images/ldap-checkbox.png b/doc/source/images/ldap-checkbox.png
deleted file mode 100644
index 27ee64f..0000000
--- a/doc/source/images/ldap-checkbox.png
+++ /dev/null
Binary files differ
diff --git a/doc/source/images/ldap_plugin.png b/doc/source/images/ldap_plugin.png
index 52421a3..a23e98d 100644
--- a/doc/source/images/ldap_plugin.png
+++ b/doc/source/images/ldap_plugin.png
Binary files differ
diff --git a/doc/source/images/ldap_proxy_param.png b/doc/source/images/ldap_proxy_param.png
new file mode 100644
index 0000000..a4c0037
--- /dev/null
+++ b/doc/source/images/ldap_proxy_param.png
Binary files differ
diff --git a/doc/source/images/ldap_settings.png b/doc/source/images/ldap_settings.png
index a086aba..7fc281b 100644
--- a/doc/source/images/ldap_settings.png
+++ b/doc/source/images/ldap_settings.png
Binary files differ
diff --git a/doc/source/images/ldap_settings_suffix.png b/doc/source/images/ldap_settings_suffix.png
new file mode 100644
index 0000000..6309907
--- /dev/null
+++ b/doc/source/images/ldap_settings_suffix.png
Binary files differ
diff --git a/doc/source/images/project.png b/doc/source/images/project.png
index b4ab3f4..b11c31d 100644
--- a/doc/source/images/project.png
+++ b/doc/source/images/project.png
Binary files differ
diff --git a/doc/source/images/project_members.png b/doc/source/images/project_members.png
index d34d64d..de3c516 100644
--- a/doc/source/images/project_members.png
+++ b/doc/source/images/project_members.png
Binary files differ
diff --git a/doc/source/images/proxy_base_config.png b/doc/source/images/proxy_base_config.png
new file mode 100644
index 0000000..5f42788
--- /dev/null
+++ b/doc/source/images/proxy_base_config.png
Binary files differ
diff --git a/doc/source/images/proxy_custom_config.png b/doc/source/images/proxy_custom_config.png
new file mode 100644
index 0000000..9db2115
--- /dev/null
+++ b/doc/source/images/proxy_custom_config.png
Binary files differ
diff --git a/doc/source/images/settings.png b/doc/source/images/settings.png
index c3bf3f2..83b0854 100644
--- a/doc/source/images/settings.png
+++ b/doc/source/images/settings.png
Binary files differ
diff --git a/doc/source/images/tls_settings.png b/doc/source/images/tls_settings.png
index 7f67e5a..e24197c 100644
--- a/doc/source/images/tls_settings.png
+++ b/doc/source/images/tls_settings.png
Binary files differ
diff --git a/doc/source/images/user_ldap_settings.png b/doc/source/images/user_ldap_settings.png
index 10b4b9b..13681a6 100644
--- a/doc/source/images/user_ldap_settings.png
+++ b/doc/source/images/user_ldap_settings.png
Binary files differ
diff --git a/doc/source/index.rst b/doc/source/index.rst
index f2f761c..eef8d8f 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -9,9 +9,13 @@ Plugin Guide
9 :maxdepth: 2 9 :maxdepth: 2
10 10
11 description 11 description
12 changelog
13 limitations
12 installation 14 installation
13 configuration 15 configuration
14 guide 16 guide
17 verification
18 troubleshooting
15 appendix 19 appendix
16 20
17 21
diff --git a/doc/source/installation.rst b/doc/source/installation.rst
index 922ec00..b0e7b72 100644
--- a/doc/source/installation.rst
+++ b/doc/source/installation.rst
@@ -13,27 +13,20 @@ To install LDAP plugin, follow these steps:
13 13
14#. Copy the plugin on an already installed Fuel Master node (SSH can be used for 14#. Copy the plugin on an already installed Fuel Master node (SSH can be used for
15 that). If you do not have the Fuel Master node yet, see `Quick Start Guide 15 that). If you do not have the Fuel Master node yet, see `Quick Start Guide
16 <https://software.mirantis.com/quick-start/>`_: 16 <http://docs.openstack.org/developer/fuel-docs/userdocs/fuel-install-guide/install/install_install_fuel_master_node.html>`_::
17 17
18 .. code-block:: bash 18 # scp ldap-3.0-3.0.0-1.noarch.rpm root@<Fuel_Master_IP>:/tmp
19 19
20 # scp ldap-1.0-1.0.0-1.noarch.rpm root@<Fuel_Master_IP>:/tmp 20#. Log into the Fuel Master node. Install the plugin::
21 21
22#. Log into the Fuel Master node. Install the plugin: 22 # cd /tmp
23 23 # fuel plugins --install ldap-3.0-3.0.0-1.noarch.rpm
24 .. code-block:: bash
25
26 # cd /tmp
27 # fuel plugins --install ldap-1.0-1.0.0-1.noarch.rpm
28 24
29#. Check if the plugin was installed successfully 25#. Check if the plugin was installed successfully
30 26
31 .. code-block:: bash 27 ::
32 28
33 # fuel plugins 29 # fuel plugins
34 id | name | version | package_version 30 id | name | version | package_version | releases
35 ---|--------------|----------|---------------- 31 ---+------+---------+-----------------+--------------------
36 1 | ldap | 1.0.0 | 2.0.0 32 1 | ldap | 3.0.0 | 3.0.0 | ubuntu (mitaka-9.0)
37
38#. MU-3 (Maintenance Update) should be installed to provide proper work of keystone providers
39 with domains during deployment process.
diff --git a/doc/source/limitations.rst b/doc/source/limitations.rst
new file mode 100644
index 0000000..10f3826
--- /dev/null
+++ b/doc/source/limitations.rst
@@ -0,0 +1,11 @@
1LDAP plugin limitations
2-----------------------
3
4#. LDAP plugin has the following limitations:
5
6 - Installation of LDAP plugin before deployment only;
7 - Fuel will not validate the settings, e.g., by attempting to connect to the LDAP server;
8 - In multidomain configuration the attributes of the first domain are filled in the web form,
9 whereas the attributes of other domains are filled in one field;
10 - The settings of domains determined in “List of additional Domains” field will not be validated;
11 - The settings of proxy determined in "List of custom LDAP proxy configs" field will not be validated;
diff --git a/doc/source/removal.rst b/doc/source/removal.rst
index b4d089e..1937657 100644
--- a/doc/source/removal.rst
+++ b/doc/source/removal.rst
@@ -5,12 +5,10 @@ Delete all environments, in which the LDAP plugin has been enabled.
5 5
6#. Uninstall the plugin:: 6#. Uninstall the plugin::
7 7
8 # fuel plugins --remove ldap==1.0.0 8 # fuel plugins --remove ldap==3.0.0
9 9
10#. Check if the plugin was uninstalled successfully:: 10#. Check if the plugin was uninstalled successfully::
11 11
12 # fuel plugins$ 12 # fuel plugins
13 id | name | version | package_version 13 id | name | version | package_version | releases
14 ---|---------------------------|----------|------ 14 ---+------+---------+-----------------+---------
15
16
diff --git a/doc/source/troubleshooting.rst b/doc/source/troubleshooting.rst
new file mode 100644
index 0000000..d0b5bc7
--- /dev/null
+++ b/doc/source/troubleshooting.rst
@@ -0,0 +1,41 @@
1===============
2Troubleshooting
3===============
4
5Checking presence of LDAP domain/users
6======================================
7
8To get a list of domains in keystone run the following command on Controller node:
9
10.. code-block:: bash
11
12 OS_IDENTITY_API_VERSION=3 openstack domain list
13
14To get a list of users in a domain run the following command on Controller node:
15
16.. code-block:: bash
17
18 OS_IDENTITY_API_VERSION=3 openstack user list --quiet --long --domain <domain_name>
19
20Checking LDAP server availability
21=================================
22
23To check LDAP server availability run the following command on Controller node:
24
25.. code-block:: bash
26
27 ldapsearch -H ldap://<url/ip_address> -x -b dc=<ldap>,dc=<suffix>
28
29LDAP plugin log files
30=====================
31
32As LDAP plugin only updates keystone configuration files to check keystone
33service, these files keep logs:
34
35/var/log/apache2/keystone_wsgi_admin_access.log
36
37/var/log/apache2/keystone_wsgi_admin_error.log
38
39/var/log/apache2/keystone_wsgi_main_access.log
40
41/var/log/apache2/keystone_wsgi_main_error.log
diff --git a/doc/source/verification.rst b/doc/source/verification.rst
new file mode 100644
index 0000000..cb4cb13
--- /dev/null
+++ b/doc/source/verification.rst
@@ -0,0 +1,12 @@
1LDAP plugin validation
2----------------------
3
4#. To validate that LDAP plugin is successfully applied after deployment:
5
6 - Log into Horizon using domain/user credentials from LDAP server;
7 - Create an instance;
8
9 Expecting results:
10
11 - All LDAP users can authenticate via Keystone;
12 - An instance is successfully created;