Dolph, I appreciate the response and pointing me in the right direction. Here's what I have so far: <imports here>
CONF = config.CONF LOG = logging.getLogger(__name__) class Identity(identity.Driver): def __init__(self): super(Identity, self).__init__() LOG.debug('My authentication module loaded') def authenticate(self, user_id, password, domain_scope=None): LOG.debug('in authenticate method') When I request a user-list via the python-keystoneclient, we never make it into the authenticate method (as is evident by the missing debug log). Any thoughts on why I'm not hitting this method? From: dolph.math...@gmail.com Date: Mon, 27 Jan 2014 18:14:50 -0600 To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] extending keystone identity _check_password() is a private/internal API, so we make no guarantees about it's stability. Instead, override the public authenticate() method with something like this: def authenticate(self, user_id, password, domain_scope=None): if user_id in SPECIAL_LIST_OF_USERS: # compare against value from keystone.conf pass else: return super(CustomIdentityDriver, self).authenticate(user_id, password, domain_scope) On Mon, Jan 27, 2014 at 3:27 PM, Simon Perfer <simon.per...@hotmail.com> wrote: I'm looking to create a simple Identity driver that will look at usernames. A small number of specific users should be authenticated by looking at a hard-coded password in keystone.conf, while any other users should fall back to LDAP authentication. I based my original driver on what's found here: http://waipeng.wordpress.com/2013/09/30/openstack-ldap-authentication/ As can be seen in the github code (https://raw.github.com/waipeng/keystone/8c18917558bebbded0f9c588f08a84b0ea33d9ae/keystone/identity/backends/ldapauth.py), there's a _check_password() method which is supposedly called at some point. I've based my driver on this ldapauth.py file, and created an Identity class which subclasses sql.Identity. Here's what I have so far: CONF = config.CONF LOG = logging.getLogger(__name__) class Identity(sql.Identity): def __init__(self): super(Identity, self).__init__() LOG.debug('My authentication module loaded') def _check_password(self, password, user_ref): LOG.debug('Authenticating via my custom hybrid authentication') username = user_ref.get('name') LOG.debug('Username = %s' % username) I can see from the syslog output that we never enter the _check_password() function. Can someone point me in the right direction regarding which function calls the identity driver? Also, what is the entry function in the identity drivers? Why wouldn't check_password() be called, as we see in the github / blog example above? THANKS! _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev