Commit bb631bed authored by sousaedu's avatar sousaedu Committed by Mark Beierl

Adding extra LDAP configurations to Keystone docker


Adding the following configuration options:
- chase_referrals
- page_size
- group_tree_dn
- group_objectclass

Change-Id: Ibcfb6cd1ebb11db6081c229d35ac44c8ae2c5a3f
Signed-off-by: default avatarsousaedu <eduardo.sousa@canonical.com>
parent 0be373d5
......@@ -63,6 +63,8 @@ ENV SERVICE_PROJECT service
# ENV LDAP_URL ldap://localhost
# ENV LDAP_BIND_USER no default
# ENV LDAP_BIND_PASSWORD no default
# ENV LDAP_CHASE_REFERRALS no default
# ENV LDAP_PAGE_SIZE 0
# ENV LDAP_USER_TREE_DN no default
# ENV LDAP_USER_OBJECTCLASS inetOrgPerson
# ENV LDAP_USER_ID_ATTRIBUTE cn
......@@ -73,6 +75,8 @@ ENV SERVICE_PROJECT service
# ENV LDAP_USER_ENABLED_MASK 0
# ENV LDAP_USER_ENABLED_DEFAULT true
# ENV LDAP_USER_ENABLED_INVERT false
# ENV LDAP_GROUP_OBJECTCLASS groupOfNames
# ENV LDAP_GROUP_TREE_DN no default
# ENV LDAP_USE_STARTTLS false
# ENV LDAP_TLS_CACERT_BASE64 no default
# ENV LDAP_TLS_REQ_CERT demand
......
......@@ -123,6 +123,12 @@ EOF
if [ $LDAP_BIND_PASSWORD ]; then
echo "password = $LDAP_BIND_PASSWORD" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
if [ $LDAP_CHASE_REFERRALS ]; then
echo "chase_referrals = $LDAP_CHASE_REFERRALS" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
if [ $LDAP_PAGE_SIZE ]; then
echo "page_size = $LDAP_PAGE_SIZE" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
if [ $LDAP_USER_TREE_DN ]; then
echo "user_tree_dn = $LDAP_USER_TREE_DN" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
......@@ -153,6 +159,12 @@ EOF
if [ $LDAP_USER_ENABLED_INVERT ]; then
echo "user_enabled_invert = $LDAP_USER_ENABLED_INVERT" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
if [ $LDAP_GROUP_OBJECTCLASS ]; then
echo "group_objectclass = $LDAP_GROUP_OBJECTCLASS" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
if [ $LDAP_GROUP_TREE_DN ]; then
echo "group_tree_dn = $LDAP_GROUP_TREE_DN" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
if [ $LDAP_USE_STARTTLS ] && [ "$LDAP_USE_STARTTLS" == "true" ]; then
echo "use_tls = true" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
mkdir -p /etc/keystone/ssl/certs/
......
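Review bot: The added tests `[ $LDAP_CHASE_REFERRALS ]`, `[ $LDAP_PAGE_SIZE ]`, `[ $LDAP_GROUP_OBJECTCLASS ]` and `[ $LDAP_GROUP_TREE_DN ]` expand the variable unquoted, so a value containing whitespace (for example a DN with a space in an OU name) is word-split, `[` errors out or mis-parses, and the option is silently left out of the domain config. Write them as `if [ -n "$LDAP_GROUP_TREE_DN" ]; then`, with the same form for the other three across both hunks of this file. The values are also appended verbatim, so an embedded newline in one of these environment variables would add further lines to the keystone domain .conf file. Since page_size is numeric and chase_referrals is boolean, a guard such as `case "$LDAP_PAGE_SIZE" in ''|*[!0-9]*) exit 1 ;; esac` before the write would reject malformed input early; adapt the failure path to the script's own convention. The script starts and ends outside the visible hunks.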