Merge "Add a LDAP param group_members_are_ids"
This commit is contained in:
commit
b16a5f94fc
|
@ -256,6 +256,10 @@
|
|||
# LDAP attribute mapped to show group membership. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_members_are_ids*]
|
||||
# LDAP attribute when members of the group object class are keystone user IDs. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_desc_attribute*]
|
||||
# LDAP attribute mapped to group description. (string value)
|
||||
# Defaults to 'undef'
|
||||
|
@ -418,6 +422,7 @@ class keystone::ldap(
|
|||
$group_id_attribute = undef,
|
||||
$group_name_attribute = undef,
|
||||
$group_member_attribute = undef,
|
||||
$group_members_are_ids = undef,
|
||||
$group_desc_attribute = undef,
|
||||
$group_attribute_ignore = undef,
|
||||
$group_additional_attribute_mapping = undef,
|
||||
|
@ -512,6 +517,7 @@ class keystone::ldap(
|
|||
'ldap/group_id_attribute': value => $group_id_attribute;
|
||||
'ldap/group_name_attribute': value => $group_name_attribute;
|
||||
'ldap/group_member_attribute': value => $group_member_attribute;
|
||||
'ldap/group_members_are_ids': value => $group_members_are_ids;
|
||||
'ldap/group_desc_attribute': value => $group_desc_attribute;
|
||||
'ldap/group_attribute_ignore': value => $group_attribute_ignore;
|
||||
'ldap/group_additional_attribute_mapping': value => $group_additional_attribute_mapping;
|
||||
|
|
|
@ -271,6 +271,10 @@
|
|||
# LDAP attribute mapped to show group membership. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_members_are_ids*]
|
||||
# LDAP attribute when members of the group object class are keystone user IDs. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_desc_attribute*]
|
||||
# LDAP attribute mapped to group description. (string value)
|
||||
# Defaults to 'undef'
|
||||
|
@ -451,6 +455,7 @@ define keystone::ldap_backend(
|
|||
$group_id_attribute = undef,
|
||||
$group_name_attribute = undef,
|
||||
$group_member_attribute = undef,
|
||||
$group_members_are_ids = undef,
|
||||
$group_desc_attribute = undef,
|
||||
$group_attribute_ignore = undef,
|
||||
$group_allow_create = undef,
|
||||
|
@ -575,6 +580,7 @@ and \"${domain_dir_enabled}\" for identity/domain_config_dir"
|
|||
"${domain}::ldap/group_id_attribute": value => $group_id_attribute;
|
||||
"${domain}::ldap/group_name_attribute": value => $group_name_attribute;
|
||||
"${domain}::ldap/group_member_attribute": value => $group_member_attribute;
|
||||
"${domain}::ldap/group_members_are_ids": value => $group_members_are_ids;
|
||||
"${domain}::ldap/group_desc_attribute": value => $group_desc_attribute;
|
||||
"${domain}::ldap/group_attribute_ignore": value => $group_attribute_ignore;
|
||||
"${domain}::ldap/group_allow_create": value => $group_allow_create;
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
In Keystone, we can set group_members_are_ids option. This parameter enables
|
||||
the members of the group object class to be keystone user IDs
|
||||
rather than LDAP DNs. This is the case when using posixGroup as the group
|
||||
object class in Open Directory.
|
|
@ -60,6 +60,7 @@ describe 'keystone::ldap' do
|
|||
:group_id_attribute => 'cn',
|
||||
:group_name_attribute => 'cn',
|
||||
:group_member_attribute => 'roleOccupant',
|
||||
:group_members_are_ids => 'True',
|
||||
:group_desc_attribute => 'description',
|
||||
:group_attribute_ignore => '',
|
||||
:group_additional_attribute_mapping => '',
|
||||
|
@ -147,6 +148,7 @@ describe 'keystone::ldap' do
|
|||
is_expected.to contain_keystone_config('ldap/group_objectclass').with_value('organizationalRole')
|
||||
is_expected.to contain_keystone_config('ldap/group_id_attribute').with_value('cn')
|
||||
is_expected.to contain_keystone_config('ldap/group_member_attribute').with_value('roleOccupant')
|
||||
is_expected.to contain_keystone_config('ldap/group_members_are_ids').with_value('True')
|
||||
is_expected.to contain_keystone_config('ldap/group_desc_attribute').with_value('description')
|
||||
is_expected.to contain_keystone_config('ldap/group_name_attribute').with_value('cn')
|
||||
is_expected.to contain_keystone_config('ldap/group_attribute_ignore').with_value('')
|
||||
|
|
|
@ -77,6 +77,7 @@ describe 'keystone::ldap_backend' do
|
|||
:group_id_attribute => 'cn',
|
||||
:group_name_attribute => 'cn',
|
||||
:group_member_attribute => 'roleOccupant',
|
||||
:group_members_are_ids => 'True',
|
||||
:group_desc_attribute => 'description',
|
||||
:group_attribute_ignore => '',
|
||||
:group_allow_create => 'False',
|
||||
|
@ -171,6 +172,7 @@ describe 'keystone::ldap_backend' do
|
|||
is_expected.to contain_keystone_domain_config('Default::ldap/group_objectclass').with_value('organizationalRole')
|
||||
is_expected.to contain_keystone_domain_config('Default::ldap/group_id_attribute').with_value('cn')
|
||||
is_expected.to contain_keystone_domain_config('Default::ldap/group_member_attribute').with_value('roleOccupant')
|
||||
is_expected.to contain_keystone_domain_config('Default::ldap/group_members_are_ids').with_value('True')
|
||||
is_expected.to contain_keystone_domain_config('Default::ldap/group_desc_attribute').with_value('description')
|
||||
is_expected.to contain_keystone_domain_config('Default::ldap/group_name_attribute').with_value('cn')
|
||||
is_expected.to contain_keystone_domain_config('Default::ldap/group_attribute_ignore').with_value('')
|
||||
|
|
Loading…
Reference in New Issue