keystone ldap

  • By james-page
  • Latest version (#0)
  • xenial, trusty, yakkety
  • Stable

Description

Keystone v3 deployments support the use of domain-specific identity drivers, allowing different types of authentication backend to be deployed in a single Keystone deployment. This charm supports use of LDAP or Active Directory backends, with configuration details provided by charm configuration options.


Overview

This subordinate charm provides an LDAP domain backend for integrating a
Keystone v3 deployment with an external LDAP-based authentication system.

Usage

Use this charm with the Keystone charm, running with preferred-api-version=3:

juju deploy keystone
juju config keystone preferred-api-version=3
juju deploy keystone-ldap
juju add-relation keystone-ldap keystone

Configuration Options

LDAP configuration is provided to this charm via configuration options:

juju config keystone-ldap ldap-server="ldap://10.10.10.10/" \
            ldap-user="cn=admin,dc=test,dc=com" \
            ldap-password="password" \
            ldap-suffix="dc=test,dc=com"

By default, the name of the application ('keystone-ldap') is used as the
name of the domain that receives the domain-specific configuration;
you can change this using the domain-name option:

juju config keystone-ldap domain-name="myorganisationname"

The keystone charm will automatically create a domain to support the backend
once deployed.

Additional LDAP configuration options can be passed as a comma delimited
string using the ldap-config-flags configuration option:

juju config keystone-ldap \
    ldap-config-flags="user_id_attribute=cn,user_name_attribute=cn"

This allows the LDAP configuration of the backend to be tailored to an
individual LDAP configuration.
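
A pre-flight check for the ldap-server and ldap-config-flags values before they are passed to juju config, as an added example that is not part of the charm. It assumes the flags reach Keystone's [ldap] section unchanged and relies on Keystone's use_tls and tls_req_cert option names; flag_value and check_ldap_transport are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not part of the charm. Assumption: ldap-config-flags entries
# end up as options in Keystone's [ldap] section, where use_tls (default False)
# and tls_req_cert (default demand) are Keystone's own option names.

# flag_value FLAGS KEY: print KEY's value from a comma-delimited key=value
# string; return 1 if KEY is absent.
flag_value() {
    local rest pair
    rest="$(printf '%s' "$1" | tr -d '[:space:]'),"
    while [ -n "$rest" ]; do
        pair=${rest%%,*}
        rest=${rest#*,}
        if [ "${pair%%=*}" = "$2" ]; then
            printf '%s\n' "${pair#*=}"
            return 0
        fi
    done
    return 1
}

# check_ldap_transport SERVER FLAGS: print "ok" and return 0 only when the
# bind password would travel over TLS with certificate verification enforced.
check_ldap_transport() {
    local use_tls req_cert
    use_tls=$(flag_value "$2" use_tls) || use_tls=false
    req_cert=$(flag_value "$2" tls_req_cert) || req_cert=demand
    use_tls=$(printf '%s' "$use_tls" | tr 'A-Z' 'a-z')
    case "$1" in
        ldaps://*)
            # Keystone rejects StartTLS on top of an ldaps:// URL.
            if [ "$use_tls" = true ]; then
                echo "use_tls=True cannot be combined with ldaps://"; return 1
            fi ;;
        ldap://*)
            if [ "$use_tls" != true ]; then
                echo "plaintext bind: ldap:// without use_tls=True"; return 1
            fi ;;
        *)
            echo "unrecognised ldap-server scheme: $1"; return 2 ;;
    esac
    if [ "$req_cert" != demand ]; then
        echo "tls_req_cert=$req_cert does not enforce certificate verification"
        return 1
    fi
    echo ok
}

# Constructed inputs: the values shown on this page, then a StartTLS variant.
check_ldap_transport "ldap://10.10.10.10/" "user_id_attribute=cn,user_name_attribute=cn" || true
check_ldap_transport "ldap://10.10.10.10/" "user_id_attribute=cn,use_tls=True,tls_req_cert=demand"
```

The first call reports a plaintext bind for the settings shown above; the second prints ok.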

Bugs

Please report bugs on Launchpad.

For general questions please refer to the OpenStack Charm Guide.

Configuration

verbose
(boolean) Enable verbose logging
ldap-user
(string) Username of the LDAP identity server.
ldap-server
(string) LDAP server address for keystone identity backend.
ldap-password
(string) Password of the LDAP identity server.
domain-name
(string) Name of the keystone domain to configure; defaults to the deployed application name.
ldap-suffix
(string) LDAP server suffix to be used by keystone.
ldap-config-flags
(string) Comma-separated options for LDAP configuration.
debug
(boolean) Enable debug logging
ldap-readonly
(boolean) LDAP identity server backend readonly to keystone.
Default: True
use-syslog
(boolean) Setting this to True will allow supporting services to log to syslog.