LDAP backend
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | High | Unassigned |
Bug Description
So here comes the first implementation of the LDAP backend. The first 7 commits can be merged independently since they solve common problems and drawbacks.
Implementation has been tested over hardly modified nova's fakeldap. I will start real LDAP testing tomorrow (writing schema files right after the breakfast).
I implemented only user, tenant and role API modules since tokens in LDAP just make no sense, groups are going to be abandoned (I believe) and I'm not really sure about endpoints, but DB seemed to be a better place for them.
There are plenty of places where one API does the work of another one, so I hardcoded references to the sqlalchemy backend in such places just before we clean the backend API prototypes.
The backend passes all but 4 groups-related tests. To run them on your own, you have to add the backend to the config file:
backends = keystone.
[keystone.
ldap_url = fake://ldap.db
ldap_user = cn=Admin
ldap_password = password
And after you do so, you can run the tests by hand (without the sweet run_tests.py script):
python keystone/
Don't forget to remove all databases (keystone.db, keystone.tokens.db, ldap.db) if you want a totally clean test run.
Looking forward to comments and rocks to my window.
Do we have a testing strategy to handle multiple keystone configurations?