Adding extra LDAP configurations to Keystone docker

Adding the following configuration options: - chase_referrals - page_size - group_tree_dn - group_objectclass Change-Id: Ibcfb6cd1ebb11db6081c229d35ac44c8ae2c5a3f Signed-off-by: sousaedu <eduardo.sousa@canonical.com>

Adding extra LDAP configurations to Keystone docker
Adding the following configuration options: - chase_referrals - page_size - group_tree_dn - group_objectclass Change-Id: Ibcfb6cd1ebb11db6081c229d35ac44c8ae2c5a3f Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
bb631bed · sousaedu · Mark Beierl · 0be373d5 · bb631bed · bb631bed
Commit bb631bed authored 4 years ago by sousaedu Committed by Mark Beierl 4 years ago
--- a/docker/Keystone/Dockerfile
+++ b/docker/Keystone/Dockerfile
@@ -63,6 +63,8 @@ ENV SERVICE_PROJECT         service
 # ENV LDAP_URL                            ldap://localhost
 # ENV LDAP_BIND_USER                      no default
 # ENV LDAP_BIND_PASSWORD                  no default
+# ENV LDAP_CHASE_REFERRALS                no default
+# ENV LDAP_PAGE_SIZE                      0
 # ENV LDAP_USER_TREE_DN                   no default
 # ENV LDAP_USER_OBJECTCLASS               inetOrgPerson
 # ENV LDAP_USER_ID_ATTRIBUTE              cn
@@ -73,6 +75,8 @@ ENV SERVICE_PROJECT         service
 # ENV LDAP_USER_ENABLED_MASK              0
 # ENV LDAP_USER_ENABLED_DEFAULT           true
 # ENV LDAP_USER_ENABLED_INVERT            false
+# ENV LDAP_GROUP_OBJECTCLASS              groupOfNames
+# ENV LDAP_GROUP_TREE_DN                  no default
 # ENV LDAP_USE_STARTTLS                   false
 # ENV LDAP_TLS_CACERT_BASE64              no default
 # ENV LDAP_TLS_REQ_CERT                   demand

--- a/docker/Keystone/scripts/start.sh
+++ b/docker/Keystone/scripts/start.sh
@@ -123,6 +123,12 @@ EOF
    if [ $LDAP_BIND_PASSWORD ]; then
        echo "password = $LDAP_BIND_PASSWORD" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
    fi
+    if [ $LDAP_CHASE_REFERRALS ]; then
+        echo "chase_referrals = $LDAP_CHASE_REFERRALS" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
+    fi
+    if [ $LDAP_PAGE_SIZE ]; then
+        echo "page_size = $LDAP_PAGE_SIZE" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
+    fi
    if [ $LDAP_USER_TREE_DN ]; then
        echo "user_tree_dn = $LDAP_USER_TREE_DN" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
    fi
@@ -153,6 +159,12 @@ EOF
    if [ $LDAP_USER_ENABLED_INVERT ]; then
        echo "user_enabled_invert = $LDAP_USER_ENABLED_INVERT" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
    fi
+    if [ $LDAP_GROUP_OBJECTCLASS ]; then
+        echo "group_objectclass = $LDAP_GROUP_OBJECTCLASS" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
+    fi
+    if [ $LDAP_GROUP_TREE_DN ]; then
+        echo "group_tree_dn = $LDAP_GROUP_TREE_DN" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
+    fi
    if [ $LDAP_USE_STARTTLS ] && [ "$LDAP_USE_STARTTLS" == "true" ]; then
        echo "use_tls = true" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
        mkdir -p /etc/keystone/ssl/certs/