authorBrad Topol <btopol@us.ibm.com>2013-03-25 15:23:15 -0500
committerBrad Topol <btopol@us.ibm.com>2013-04-09 00:54:51 -0500
commite4ec12e8118b92cbad9e2f287f111b6be8bb2705 (patch)
tree9d7af8cc9861c20baf073ae4de60cecfbb0f926f /etc
parent89d35004411e1eec9b1af97f589f06ae871aca02 (diff)
Add TLS Support for LDAP
Fixes Bug1040115. Added several test cases; also provides a full LDAP regression suite. Also added supplemental (simple) verification for CACERTFILE and CACERTDIR, added a TLS disable option when ldaps URLs are used, and did full regression tests using ldaps URLs and with TLS.
Addresses ayoung's comments.
Addresses dolphm's and Mouad's comments.
Addresses gyee's doc request and bknudson's comments.
Change-Id: I639f2853df0ce5c10ae85b06214b26430d872aca
Diffstat (limited to 'etc')
-rw-r--r--etc/keystone.conf.sample9
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index 9e66eb62..ee2a562e 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -212,6 +212,15 @@
# group_allow_update = True
# group_allow_delete = True
+# ldap TLS options
+# if both tls_cacertfile and tls_cacertdir are set then
+# tls_cacertfile will be used and tls_cacertdir is ignored
+# valid options for tls_req_cert are demand, never, and allow
+# use_tls = False
+# tls_cacertfile =
+# tls_cacertdir =
+# tls_req_cert = demand
+
[auth]
methods = password,token
password = keystone.auth.plugins.password.Password
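Review bot: The added comment on `tls_req_cert` lists `never` and `allow` next to `demand` without saying what each does to certificate checking. If these map to the usual LDAP client levels (the mapping is not visible in this hunk), `never` skips verification of the server certificate and `allow` proceeds even when the certificate is missing or invalid, so either choice leaves the bind credentials open to interception. I would add `# demand: the server certificate must verify against the configured CA (recommended)` and `# never / allow: certificate is not enforced; for testing only` under that line. The sample also does not say how `use_tls` relates to ldaps:// URLs, which the commit message hints at; a line such as `# use_tls applies to ldap:// URLs; leave it False when the url is ldaps://` would help, once confirmed against the driver code.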