Adding extra LDAP configuration options to Keystone charm 87/9887/1
authorsousaedu <eduardo.sousa@canonical.com>
Tue, 20 Oct 2020 00:06:32 +0000 (01:06 +0100)
committersousaedu <eduardo.sousa@canonical.com>
Tue, 20 Oct 2020 00:06:37 +0000 (01:06 +0100)
Adding the following configuration options:
- chase_referrals
- page_size
- group_tree_dn
- group_objectclass

Change-Id: I413de917a5d31142527f7136e24eceef457f013b
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
installers/charm/keystone/config.yaml
installers/charm/keystone/src/charm.py

index 1ad4785..06ea060 100644 (file)
@@ -117,6 +117,19 @@ options:
     type: string
     description: Password to bind and search for users
     default: ""
+  ldap_chase_referrals:
+    type: string
+    description: |
+      Sets keystone’s referral chasing behavior across directory partitions.
+      If left unset, the system’s default behavior will be used.
+    default: ""
+  ldap_page_size:
+    type: int
+    description: |
+      Defines the maximum number of results per page that keystone should
+      request from the LDAP server when listing objects. A value of zero (0)
+      disables paging.
+    default: 0
   ldap_user_tree_dn:
     type: string
     description: |
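Review bot: The description of `ldap_chase_referrals` does not say which values are accepted, and because the option is typed `string` the charm will take any text. Keystone's `chase_referrals` setting is a boolean, so the description should name the allowed values, for example by appending `Accepted values are "true" and "false"; leave empty to use the system default.` It would also help to state that with referral chasing enabled keystone may follow referrals to directory servers other than the one in `ldap_url`, so operators can decide whether those servers are trusted.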
@@ -203,6 +216,14 @@ options:
       setting in conjunction with user_enabled_attribute to map the lock
       status to disabled in Keystone.
     default: false
+  ldap_group_objectclass:
+    type: string
+    description: The LDAP object class to use for groups.
+    default: groupOfNames
+  ldap_group_tree_dn:
+    type: string
+    description: The search base to use for groups.
+    default: ""
   ldap_use_starttls:
     type: boolean
     description: |
index 23dfcb6..ef16690 100755 (executable)
@@ -206,6 +206,7 @@ class KeystoneCharm(CharmBase):
                 "ldap_authentication_domain_name"
             ]
             envconfig["LDAP_URL"] = config["ldap_url"]
+            envconfig["LDAP_PAGE_SIZE"] = config["ldap_page_size"]
             envconfig["LDAP_USER_OBJECTCLASS"] = config["ldap_user_objectclass"]
             envconfig["LDAP_USER_ID_ATTRIBUTE"] = config["ldap_user_id_attribute"]
             envconfig["LDAP_USER_NAME_ATTRIBUTE"] = config["ldap_user_name_attribute"]
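Review bot: `config["ldap_page_size"]` is copied into `envconfig["LDAP_PAGE_SIZE"]` without a range check, so a negative number set by the operator is handed to the container as is. The option description only defines zero and positive values. A guard before this line, such as `if config["ldap_page_size"] < 0:` followed by the charm's usual configuration-error handling, would keep an invalid value out of the keystone configuration. The value is also an `int` while the neighbouring entries appear to be strings; if the environment map needs strings, `str(config["ldap_page_size"])` would be required, which cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.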
@@ -213,6 +214,7 @@ class KeystoneCharm(CharmBase):
             envconfig["LDAP_USER_ENABLED_MASK"] = config["ldap_user_enabled_mask"]
             envconfig["LDAP_USER_ENABLED_DEFAULT"] = config["ldap_user_enabled_default"]
             envconfig["LDAP_USER_ENABLED_INVERT"] = config["ldap_user_enabled_invert"]
+            envconfig["LDAP_GROUP_OBJECTCLASS"] = config["ldap_group_objectclass"]
 
             if config["ldap_bind_user"]:
                 envconfig["LDAP_BIND_USER"] = config["ldap_bind_user"]
@@ -231,6 +233,12 @@ class KeystoneCharm(CharmBase):
                     "ldap_user_enabled_attribute"
                 ]
 
+            if config["ldap_chase_referrals"]:
+                envconfig["LDAP_CHASE_REFERRALS"] = config["ldap_chase_referrals"]
+
+            if config["ldap_group_tree_dn"]:
+                envconfig["LDAP_GROUP_TREE_DN"] = config["ldap_group_tree_dn"]
+
             if config["ldap_use_starttls"]:
                 envconfig["LDAP_USE_STARTTLS"] = config["ldap_use_starttls"]
                 envconfig["LDAP_TLS_CACERT_BASE64"] = config["ldap_tls_cacert_base64"]
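Review bot: The new `if config["ldap_chase_referrals"]:` branch forwards any non-empty string, so a typo such as `ture` reaches the container unchecked, and how it is interpreted there is not visible here. Because the setting decides whether keystone follows referrals to other directory servers, the value should be normalised and checked first with `chase = config["ldap_chase_referrals"].strip().lower()` and `if chase not in ("", "true", "false"):`, the failing case going to the charm's configuration-error path. `ldap_group_tree_dn` is passed through the same way; an empty-versus-set test is reasonable for a DN, but a comment such as `# DN is not validated here; keystone reports a malformed search base at query time` would document that. The enclosing method starts and ends outside the hunk.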