diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-02-12 06:52:11 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-02-12 06:52:11 +0000 |
| commit | f1defe8f624e006a7562bc07cd471bdd176e303e (patch) | |
| tree | 894e6fa901908397c43932ec5b01a2df5d3a9fc7 | |
| parent | b537752f018435313936860de6eb0797ffd04cab (diff) | |
| parent | cfb3fdb5ecd3969e069a5379a0de34839af6e626 (diff) | |
Merge "allow unauthenticated connections to an LDAP server"
| -rw-r--r-- | keystone/config.py | 16 | ||||
| -rw-r--r-- | tests/test_backend_ldap.py | 16 |
2 files changed, 25 insertions, 7 deletions
diff --git a/keystone/config.py b/keystone/config.py index 3c01a88f..acd70e69 100644 --- a/keystone/config.py +++ b/keystone/config.py @@ -199,13 +199,14 @@ register_int('max_token_size', default=8192) # identity register_str('default_domain_id', group='identity', default='default') -#ssl options +# ssl register_bool('enable', group='ssl', default=False) register_str('certfile', group='ssl', default=None) register_str('keyfile', group='ssl', default=None) register_str('ca_certs', group='ssl', default=None) register_bool('cert_required', group='ssl', default=False) -#signing options + +# signing register_str('token_format', group='signing', default="PKI") register_str('certfile', group='signing', @@ -219,7 +220,7 @@ register_int('valid_days', group='signing', default=3650) register_str('ca_password', group='signing', default=None) -# sql options +# sql register_str('connection', group='sql', default='sqlite:///keystone.db') register_int('idle_timeout', group='sql', default=200) @@ -238,10 +239,10 @@ register_str('driver', group='stats', default='keystone.contrib.stats.backends.kvs.Stats') -#ldap +# ldap register_str('url', group='ldap', default='ldap://localhost') -register_str('user', group='ldap', default='dc=Manager,dc=example,dc=com') -register_str('password', group='ldap', default='freeipa4all') +register_str('user', group='ldap', default=None) +register_str('password', group='ldap', default=None) register_str('suffix', group='ldap', default='cn=example,cn=com') register_bool('use_dumb_member', group='ldap', default=False) register_str('dumb_member', group='ldap', default='cn=dumb,dc=nonexistent') @@ -298,7 +299,8 @@ register_list('group_attribute_ignore', group='ldap', default='') register_bool('group_allow_create', group='ldap', default=True) register_bool('group_allow_update', group='ldap', default=True) register_bool('group_allow_delete', group='ldap', default=True) -#pam + +# pam register_str('url', group='pam', default=None) register_str('userid', group='pam', default=None) register_str('password', group='pam', default=None) diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index f982e67b..3b6d1e13 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -396,6 +396,22 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], True) + def test_user_api_get_connection_no_user_password(self): + """Don't bind in case the user and password are blank""" + self.config([test.etcdir('keystone.conf.sample'), + test.testsdir('test_overrides.conf')]) + CONF.ldap.url = "fake://memory" + user_api = identity_ldap.UserApi(CONF) + self.stubs.Set(fakeldap, 'FakeLdap', + self.mox.CreateMock(fakeldap.FakeLdap)) + # we have to track all calls on 'conn' to make sure that + # conn.simple_bind_s is not called + conn = self.mox.CreateMockAnything() + conn = fakeldap.FakeLdap(CONF.ldap.url).AndReturn(conn) + self.mox.ReplayAll() + + user_api.get_connection(user=None, password=None) + # TODO (henry-nash) These need to be removed when the full LDAP implementation # is submitted - see BugL #1092187 def test_group_crud(self): |