required ldap configs not explicitly defined in config.yaml

Bug #1832765 reported by Alex H on 2019-06-13
This bug affects 1 person
Affects: OpenStack Keystone LDAP integration
Importance: Wishlist
Assigned to: Unassigned

Bug Description

The keystone-ldap charm should explicitly specify necessary ldap configuration values which are currently being set as part of ldap-config-flags. This creates a template for proper configuration which can then be enforced by the charm, and also increases charm usability in the case of a user that might be less experienced with ldap configuration.

Certain required configs, such as user_filter, user name attribute, user id attribute, group tree dn, group name attribute, group id attribute definitely need to be explicitly set in config.yaml, though other frequently used values should be included as well, with a suggested list below:

query_scope: default to 'sub'
user_tree_dn: default to 'ou=users,dc=example,dc=com'
user_filter: default to '(memberof=cn=openstack_group,ou=groups,dc=example,dc=com)'
user_name_attributes: default to uid
user_id_attribute: default to uidNumber
user_objectclass: default to posixAccount
group_tree_dn: default to 'ou=groups,dc=example,dc=com'
group_objectclass: default to 'posixGroup'
group_id_attributes: default to 'gidNumber'
user_enabled_emulation | user_enabled_emulation_dn | user_enabled_attribute | user_enabled_flags | user_enabled_attribute_reverse (spelling on some of these unknown) should be something the charm handles consciously.

The full list of ldap config values can be found at https://docs.openstack.org/keystone/pike/admin/identity-integrate-with-ldap.html
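
An added sketch of the enforcement the report asks for; it is not part of the original report or of the charm's code. It assumes the ldap-config-flags value is supplied as a JSON object string and uses Keystone's [ldap] option names for the required settings; check_ldap_flags and the sample values are hypothetical.

```python
import json

# Options the report lists as required, under Keystone's [ldap] option names.
REQUIRED = ("user_filter", "user_name_attribute", "user_id_attribute",
            "group_tree_dn", "group_name_attribute", "group_id_attribute")
PLACEHOLDER_DN = "dc=example,dc=com"  # base DN in the report's suggested defaults
QUERY_SCOPES = ("one", "sub")         # values Keystone accepts for query_scope


def check_ldap_flags(flags_json):
    """Return a list of problems in an ldap-config-flags value.

    Assumption: the flags arrive as a JSON object string.
    """
    try:
        flags = json.loads(flags_json)
    except ValueError as exc:
        return ["unparseable flags: %s" % exc]
    if not isinstance(flags, dict):
        return ["flags must be a key/value mapping"]
    problems = []
    for key in REQUIRED:
        value = flags.get(key)
        if value is None or not str(value).strip():
            problems.append("missing required option: " + key)
    for key in sorted(flags):
        # An unchanged example DN means the default was never adapted
        # to the real directory.
        if PLACEHOLDER_DN in str(flags[key]).lower().replace(" ", ""):
            problems.append("placeholder DN left in: " + key)
    scope = flags.get("query_scope")
    if scope is not None and scope not in QUERY_SCOPES:
        problems.append("invalid query_scope: %s" % scope)
    return problems


# Constructed sample: group_name_attribute omitted, example DN left in
# user_filter, and an unsupported query_scope value.
SAMPLE = json.dumps({
    "query_scope": "subtree",
    "user_tree_dn": "ou=users,dc=corp,dc=test",
    "user_filter": "(memberof=cn=openstack_group,ou=groups,dc=example,dc=com)",
    "user_name_attribute": "uid",
    "user_id_attribute": "uidNumber",
    "group_tree_dn": "ou=groups,dc=corp,dc=test",
    "group_id_attribute": "gidNumber",
})

if __name__ == "__main__":
    for problem in check_ldap_flags(SAMPLE):
        print(problem)
```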

Alex H (anonybodi) on 2019-06-13
summary: - required ldap configs not explcitily defined in config.yaml
+ required ldap configs not expicitly defined in config.yaml
Alex H (anonybodi) on 2019-06-13
summary: - required ldap configs not expicitly defined in config.yaml
+ required ldap configs not explicitly defined in config.yaml
Corey Bryant (corey.bryant) wrote :

Thanks Alex, this would be a nice addition to the charm.

Changed in charm-keystone-ldap:
status: New → Triaged
importance: Undecided → Wishlist