LDAP: document enabled_emulation
- Add documentation to the Configuration page for enabled_emulation
- Fix a comment about the default value used for enabled_emulation

Change-Id: I3fdb4e9ecfe8bd43f8046d6e99a18941bc938487
Closes-Bug: #1275907
parent e2f8277e8d
commit f074c30d65
|
@ -1332,6 +1332,31 @@ specified classes in the LDAP module so you can configure them like::
|
|||
role_member_attribute = roleOccupant
|
||||
role_attribute_ignore =
|
||||
|
||||
|
||||
Enabled Emulation
|
||||
-----------------
|
||||
|
||||
Some directory servers do not provide any enabled attribute. For these
|
||||
servers, the ``user_enabled_emulation`` and ``tenant_enabled_emulation``
|
||||
attributes have been created. They are enabled by setting their respective
|
||||
flags to True. Then the attributes ``user_enabled_emulation_dn`` and
|
||||
``tenant_enabled_emulation_dn`` may be set to specify how the enabled users
|
||||
and projects (tenants) are selected. These attributes work by using a
|
||||
``groupOfNames`` and adding whichever users or projects (tenants) that
|
||||
you want enabled to the respective group. For example, this will
|
||||
mark any user who is a member of ``enabled_users`` as enabled::
|
||||
|
||||
[ldap]
|
||||
user_enabled_emulation = True
|
||||
user_enabled_emulation_dn = cn=enabled_users,cn=groups,dc=openstack,dc=org
|
||||
|
||||
The default values for user and project (tenant) enabled emulation DN is
|
||||
``cn=enabled_users,$user_tree_dn`` and ``cn=enabled_tenants,$tenant_tree_dn``
|
||||
respectively.
|
||||
|
||||
Secure Connection
|
||||
-----------------
|
||||
|
||||
If you are using a directory server to provide the Identity service,
|
||||
it is strongly recommended that you utilize a secure connection from
|
||||
Keystone to the directory server. In addition to supporting ldaps, Keystone
|
||||
|
|
|
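Review bot: The new "Enabled Emulation" text calls ``user_enabled_emulation``, ``tenant_enabled_emulation`` and the two ``_dn`` settings "attributes", which is easy to confuse with LDAP attributes because the section opens by talking about a missing enabled attribute; calling them options of the ``[ldap]`` section would avoid that. The paragraph also says only that members of the group are marked as enabled; since this setting decides which users and projects count as enabled, it is worth stating explicitly how entries that are not in the group are treated. Minor: "The default values ... is" should read "are".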
@ -675,10 +675,10 @@ class EnabledEmuMixIn(BaseLdap):
|
|||
|
||||
* $name_enabled_emulation - boolean, on/off
|
||||
* $name_enabled_emulation_dn - DN of that groupOfNames, default is
|
||||
cn=enabled_$name,$tree_dn
|
||||
cn=enabled_${name}s,${tree_dn}
|
||||
|
||||
Where $name is self.options_name ('user' or 'tenant'), $tree_dn is
|
||||
self.tree_dn.
|
||||
Where ${name}s is the plural of self.options_name ('users' or 'tenants'),
|
||||
${tree_dn} is self.tree_dn.
|
||||
"""
|
||||
|
||||
def __init__(self, conf):
|
||||
|
|
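Review bot: The two bullet lines above the corrected default still write ``$name_enabled_emulation`` and ``$name_enabled_emulation_dn``, while the fixed lines switch to ``${name}s`` and ``${tree_dn}``. With the old "Where $name is self.options_name" sentence replaced, ``$name`` in those bullets is no longer defined anywhere in the docstring, and without braces it can be read as a variable called ``name_enabled_emulation``. Suggest writing the bullets as ``${name}_enabled_emulation`` and ``${name}_enabled_emulation_dn``, and having the "Where" sentence define ``${name}`` once ('user' or 'tenant') and then note that the default DN uses its plural.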