Re: [Openstack] LDAP support in Keystone Light/redux
On 02/09/2012 03:27 AM, Ryan Lane wrote:
> On Thu, Feb 9, 2012 at 3:29 AM, Adam Young wrote:
> > I've made some strides in the KSL LDAP implementation. I've set up a
> > github clone with the code pushed:
> >
> > https://github.com/admiyo/keystone/tree/ldap
> >
> > The code is ugly, as I'm in "Just get it working" mode. Cleanup will
> > happen prior to any attempt to merge with the Redux branch. I've attempted
> > to keep the same set of unit tests running as are used for the SQL backend.
> > The one delta is Metadata, as I am not sure how (or even if) we want to
> > reflect that in LDAP. I've made those three unit tests no-ops for LDAP.
> >
> > There are still more API calls to implement, (Tenant_Modify for example) and
> > then I'll test out against a live Open LDAP instance.
> >
> > The one change I've made from the old config is that fields like URL no
> > longer have ldap_ in front of them, so the config will look something like
> >
> > [ldap]
> > url = ldap://localhost
> > user = cn=Admin
> > password = password
> > backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
> > suffix ='cn=example,cn=com'
> >
> > Feedback requested.
>
> Looking through the code, it appears that using ldaps:// may work for
> LDAPS support, but is LDAP w/ TLS going to be supported as well? Have
> you tested LDAPS support?
>
> - Ryan

Not yet. Thus far, I've only tested doing a simple bind to the OpenLDAP
server. I'm not sure about the rules of using TLS or other Cryptographic
approaches with Eventlet: I suspect that to do something like TLS would
require a thread pool.

I'm mostly focused on getting parity between the Keystone current and
Redux code bases. Something more than that would probably be post E4
time frame.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
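An added example, not part of the thread or of Keystone's code: a small check for the transport question raised above. It reads an [ldap] section in the form posted in the thread and reports whether the simple bind would use cleartext ldap://, ldaps://, or StartTLS. The function name and the `use_tls` key are assumptions; the config in the thread has no StartTLS option.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: the [ldap] section in the form posted in the thread.
SAMPLE = """\
[ldap]
url = ldap://localhost
user = cn=Admin
password = password
backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
suffix ='cn=example,cn=com'
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_ldap_section(text, starttls_key="use_tls"):
    """Classify the bind transport of an [ldap] section; return (transport, findings).

    starttls_key is an assumed option name: the config in the thread has no
    StartTLS switch.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    section = parser["ldap"]
    url = urlparse(section.get("url", ""))
    scheme = url.scheme.lower()
    starttls = section.getboolean(starttls_key, fallback=False)
    findings = []
    if scheme == "ldaps":
        transport = "ldaps"  # TLS from the first byte
        if starttls:
            findings.append("StartTLS requested on an ldaps:// URL; choose one")
    elif scheme == "ldap" and starttls:
        transport = "starttls"  # plain connection upgraded before the bind
    elif scheme == "ldap":
        transport = "cleartext"
        if section.get("password"):
            scope = "loopback only" if url.hostname in LOOPBACK else "over the network"
            findings.append(f"simple bind password sent unencrypted ({scope})")
    else:
        transport = "unknown"
        findings.append(f"unsupported URL scheme: {scheme!r}")
    return transport, findings


if __name__ == "__main__":
    print(audit_ldap_section(SAMPLE))
```
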
Re: [Openstack] LDAP support in Keystone Light/redux
On Thu, Feb 9, 2012 at 3:29 AM, Adam Young wrote:
> I've made some strides in the KSL LDAP implementation. I've set up a
> github clone with the code pushed:
>
> https://github.com/admiyo/keystone/tree/ldap
>
> The code is ugly, as I'm in "Just get it working" mode. Cleanup will
> happen prior to any attempt to merge with the Redux branch. I've attempted
> to keep the same set of unit tests running as are used for the SQL backend.
> The one delta is Metadata, as I am not sure how (or even if) we want to
> reflect that in LDAP. I've made those three unit tests no-ops for LDAP.
>
> There are still more API calls to implement, (Tenant_Modify for example) and
> then I'll test out against a live Open LDAP instance.
>
> The one change I've made from the old config is that fields like URL no
> longer have ldap_ in front of them, so the config will look something like
>
> [ldap]
> url = ldap://localhost
> user = cn=Admin
> password = password
> backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
> suffix ='cn=example,cn=com'
>
> Feedback requested.

Looking through the code, it appears that using ldaps:// may work for
LDAPS support, but is LDAP w/ TLS going to be supported as well? Have
you tested LDAPS support?

- Ryan
[Openstack] LDAP support in Keystone Light/redux
I've made some strides in the KSL LDAP implementation. I've set up a
github clone with the code pushed:

https://github.com/admiyo/keystone/tree/ldap

The code is ugly, as I'm in "Just get it working" mode. Cleanup will
happen prior to any attempt to merge with the Redux branch. I've attempted
to keep the same set of unit tests running as are used for the SQL backend.
The one delta is Metadata, as I am not sure how (or even if) we want to
reflect that in LDAP. I've made those three unit tests no-ops for LDAP.

There are still more API calls to implement, (Tenant_Modify for example) and
then I'll test out against a live Open LDAP instance.

The one change I've made from the old config is that fields like URL no
longer have ldap_ in front of them, so the config will look something like

[ldap]
url = ldap://localhost
user = cn=Admin
password = password
backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
suffix ='cn=example,cn=com'

Feedback requested.