commit 0be373d598b83194af8ad053975c0c096053d3c4
author sousaedu <eduardo.sousa@canonical.com> Tue Oct 20 01:06:32 2020 +0100
committer sousaedu <eduardo.sousa@canonical.com> Tue Oct 20 01:06:37 2020 +0100
tree 0c5f51fb33b93a04299973249995fa4a6c13dbe2
parent 738bf6fbc3f9f23307c519f8ef980e9975dcbd9d

Adding extra LDAP configuration options to Keystone charm

Adding the following configuration options:
- chase_referrals
- page_size
- group_tree_dn
- group_objectclass

Change-Id: I413de917a5d31142527f7136e24eceef457f013b
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>

installers/charm/keystone/config.yaml

diff --git a/installers/charm/keystone/config.yaml b/installers/charm/keystone/config.yaml
index 1ad4785..06ea060 100644
--- a/installers/charm/keystone/config.yaml
+++ b/installers/charm/keystone/config.yaml
@@ -117,6 +117,19 @@
     type: string
     description: Password to bind and search for users
     default: ""
+  ldap_chase_referrals:
+    type: string
+    description: |
+      Sets keystone’s referral chasing behavior across directory partitions.
+      If left unset, the system’s default behavior will be used.
+    default: ""
+  ldap_page_size:
+    type: int
+    description: |
+      Defines the maximum number of results per page that keystone should
+      request from the LDAP server when listing objects. A value of zero (0)
+      disables paging.
+    default: 0
   ldap_user_tree_dn:
     type: string
     description: |
@@ -203,6 +216,14 @@
       setting in conjunction with user_enabled_attribute to map the lock
       status to disabled in Keystone.
     default: false
+  ldap_group_objectclass:
+    type: string
+    description: The LDAP object class to use for groups.
+    default: groupOfNames
+  ldap_group_tree_dn:
+    type: string
+    description: The search base to use for groups.
+    default: ""
   ldap_use_starttls:
     type: boolean
     description: |

installers/charm/keystone/src/charm.py

diff --git a/installers/charm/keystone/src/charm.py b/installers/charm/keystone/src/charm.py
index 23dfcb6..ef16690 100755
--- a/installers/charm/keystone/src/charm.py
+++ b/installers/charm/keystone/src/charm.py
@@ -206,6 +206,7 @@
                 "ldap_authentication_domain_name"
             ]
             envconfig["LDAP_URL"] = config["ldap_url"]
+            envconfig["LDAP_PAGE_SIZE"] = config["ldap_page_size"]
             envconfig["LDAP_USER_OBJECTCLASS"] = config["ldap_user_objectclass"]
             envconfig["LDAP_USER_ID_ATTRIBUTE"] = config["ldap_user_id_attribute"]
             envconfig["LDAP_USER_NAME_ATTRIBUTE"] = config["ldap_user_name_attribute"]
@@ -213,6 +214,7 @@
             envconfig["LDAP_USER_ENABLED_MASK"] = config["ldap_user_enabled_mask"]
             envconfig["LDAP_USER_ENABLED_DEFAULT"] = config["ldap_user_enabled_default"]
             envconfig["LDAP_USER_ENABLED_INVERT"] = config["ldap_user_enabled_invert"]
+            envconfig["LDAP_GROUP_OBJECTCLASS"] = config["ldap_group_objectclass"]
 
             if config["ldap_bind_user"]:
                 envconfig["LDAP_BIND_USER"] = config["ldap_bind_user"]
@@ -231,6 +233,12 @@
                     "ldap_user_enabled_attribute"
                 ]
 
+            if config["ldap_chase_referrals"]:
+                envconfig["LDAP_CHASE_REFERRALS"] = config["ldap_chase_referrals"]
+
+            if config["ldap_group_tree_dn"]:
+                envconfig["LDAP_GROUP_TREE_DN"] = config["ldap_group_tree_dn"]
+
             if config["ldap_use_starttls"]:
                 envconfig["LDAP_USE_STARTTLS"] = config["ldap_use_starttls"]
                 envconfig["LDAP_TLS_CACERT_BASE64"] = config["ldap_tls_cacert_base64"]