From 0be373d598b83194af8ad053975c0c096053d3c4 Mon Sep 17 00:00:00 2001 From: sousaedu Date: Tue, 20 Oct 2020 01:06:32 +0100 Subject: [PATCH] Adding extra LDAP configuration options to Keystone charm Adding the following configuration options: - chase_referrals - page_size - group_tree_dn - group_objectclass Change-Id: I413de917a5d31142527f7136e24eceef457f013b Signed-off-by: sousaedu --- installers/charm/keystone/config.yaml | 21 +++++++++++++++++++++ installers/charm/keystone/src/charm.py | 8 ++++++++ 2 files changed, 29 insertions(+) diff --git a/installers/charm/keystone/config.yaml b/installers/charm/keystone/config.yaml index 1ad4785b..06ea0603 100644 --- a/installers/charm/keystone/config.yaml +++ b/installers/charm/keystone/config.yaml @@ -117,6 +117,19 @@ options: type: string description: Password to bind and search for users default: "" + ldap_chase_referrals: + type: string + description: | + Sets keystone’s referral chasing behavior across directory partitions. + If left unset, the system’s default behavior will be used. + default: "" + ldap_page_size: + type: int + description: | + Defines the maximum number of results per page that keystone should + request from the LDAP server when listing objects. A value of zero (0) + disables paging. + default: 0 ldap_user_tree_dn: type: string description: | @@ -203,6 +216,14 @@ options: setting in conjunction with user_enabled_attribute to map the lock status to disabled in Keystone. default: false + ldap_group_objectclass: + type: string + description: The LDAP object class to use for groups. + default: groupOfNames + ldap_group_tree_dn: + type: string + description: The search base to use for groups. + default: "" ldap_use_starttls: type: boolean description: | diff --git a/installers/charm/keystone/src/charm.py b/installers/charm/keystone/src/charm.py index 23dfcb6f..ef16690a 100755 --- a/installers/charm/keystone/src/charm.py +++ b/installers/charm/keystone/src/charm.py 
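Review bot: `ldap_chase_referrals` is declared `type: string`, so the charm schema accepts any text, and the description does not say which values are meaningful. Keystone's `chase_referrals` option is a boolean, and the charm.py hunk at `@@ -231,6 +233,12 @@` forwards any non-empty string as `LDAP_CHASE_REFERRALS`, so a mistyped value would not be caught at configuration time. Because chasing referrals lets directory responses decide which further LDAP servers keystone contacts, I would spell the contract out in the description, e.g. `Accepted values are "true" and "false"; leave empty to keep the system default.` In the same hunk, the `ldap_page_size` description could also state that negative values are not valid.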
@@ -206,6 +206,7 @@ class KeystoneCharm(CharmBase): "ldap_authentication_domain_name" ] envconfig["LDAP_URL"] = config["ldap_url"] + envconfig["LDAP_PAGE_SIZE"] = config["ldap_page_size"] envconfig["LDAP_USER_OBJECTCLASS"] = config["ldap_user_objectclass"] envconfig["LDAP_USER_ID_ATTRIBUTE"] = config["ldap_user_id_attribute"] envconfig["LDAP_USER_NAME_ATTRIBUTE"] = config["ldap_user_name_attribute"] @@ -213,6 +214,7 @@ class KeystoneCharm(CharmBase): envconfig["LDAP_USER_ENABLED_MASK"] = config["ldap_user_enabled_mask"] envconfig["LDAP_USER_ENABLED_DEFAULT"] = config["ldap_user_enabled_default"] envconfig["LDAP_USER_ENABLED_INVERT"] = config["ldap_user_enabled_invert"] + envconfig["LDAP_GROUP_OBJECTCLASS"] = config["ldap_group_objectclass"] if config["ldap_bind_user"]: envconfig["LDAP_BIND_USER"] = config["ldap_bind_user"] @@ -231,6 +233,12 @@ class KeystoneCharm(CharmBase): "ldap_user_enabled_attribute" ] + if config["ldap_chase_referrals"]: + envconfig["LDAP_CHASE_REFERRALS"] = config["ldap_chase_referrals"] + + if config["ldap_group_tree_dn"]: + envconfig["LDAP_GROUP_TREE_DN"] = config["ldap_group_tree_dn"] + if config["ldap_use_starttls"]: envconfig["LDAP_USE_STARTTLS"] = config["ldap_use_starttls"] envconfig["LDAP_TLS_CACERT_BASE64"] = config["ldap_tls_cacert_base64"] -- 2.17.1
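Review bot: `envconfig["LDAP_PAGE_SIZE"]` is assigned from `config["ldap_page_size"]` with no range check, so a negative integer passes the `type: int` schema and is exported to the container unchanged. config.yaml documents only zero (paging disabled) and a positive maximum, so I would reject anything else before the assignment, e.g. `if config["ldap_page_size"] < 0: raise ValueError("ldap_page_size must be >= 0")`. If this method already has its own way of reporting bad configuration, use that instead; it is not visible in the hunk. The enclosing method starts and ends outside the hunk.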
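Review bot: In the hunk at `@@ -231,6 +233,12 @@`, the test `if config["ldap_chase_referrals"]:` only checks that the string is non-empty, so whatever text the operator enters is exported as `LDAP_CHASE_REFERRALS`. I would normalise and check it first: `referrals = config["ldap_chase_referrals"].strip().lower()` followed by `if referrals in ("true", "false"): envconfig["LDAP_CHASE_REFERRALS"] = referrals`. Other non-empty values should be reported as a configuration error rather than passed through. Which boolean spellings the container accepts is not visible here, so the allowed set should match what it actually parses. A comment above the test such as `# empty string means "keep the LDAP library default"; "false" is a real setting` would also help, since the string "false" being truthy is intentional but easy to misread.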