diff options
| author | Henry Nash <henryn@linux.vnet.ibm.com> | 2013-01-16 16:10:24 +0000 |
|---|---|---|
| committer | Henry Nash <henryn@linux.vnet.ibm.com> | 2013-02-12 16:09:15 +0000 |
| commit | 8a89464d62e9c81a1ba15c0a3aa695456fc6fd33 (patch) | |
| tree | 46c61fe10c2859fdeddd80379d15bc839d37cd3d /keystone/config.py | |
| parent | f1defe8f624e006a7562bc07cd471bdd176e303e (diff) | |
| download | keystone-8a89464d62e9c81a1ba15c0a3aa695456fc6fd33.tar.gz keystone-8a89464d62e9c81a1ba15c0a3aa695456fc6fd33.tar.xz keystone-8a89464d62e9c81a1ba15c0a3aa695456fc6fd33.zip | |
Keystone backend preparation for domain-scoping
These changes lay the ground work for the implmentation of
domain-scoping, but are benign in that they don't change the token.
They include making domain_id a first-class attribute in the user
and project entity (i.e. move it out of the 'extra' attribute),
filling in domain grant and project support for the kvs backend and
fixing a series of issues in the mirgation to make it work for both
MySQL, Postgresql and sqlite.
A further, separate, commit will actually provide the code to
update the actual tokens once the v3 token support has been added.
blueprint domain-scoping
blueprint default-domain
Change-Id: I55ab7947a6a1efbab003bd234856bd3805bb4a63
Diffstat (limited to 'keystone/config.py')
| -rw-r--r-- | keystone/config.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/keystone/config.py b/keystone/config.py index acd70e69..a459264d 100644 --- a/keystone/config.py +++ b/keystone/config.py @@ -256,6 +256,7 @@ register_str('user_name_attribute', group='ldap', default='sn') register_str('user_mail_attribute', group='ldap', default='email') register_str('user_pass_attribute', group='ldap', default='userPassword') register_str('user_enabled_attribute', group='ldap', default='enabled') +register_str('user_domain_id_attribute', group='ldap', default='domain_id') register_int('user_enabled_mask', group='ldap', default=0) register_str('user_enabled_default', group='ldap', default='True') register_list('user_attribute_ignore', group='ldap', @@ -272,6 +273,7 @@ register_str('tenant_member_attribute', group='ldap', default='member') register_str('tenant_name_attribute', group='ldap', default='ou') register_str('tenant_desc_attribute', group='ldap', default='desc') register_str('tenant_enabled_attribute', group='ldap', default='enabled') +register_str('tenant_domain_id_attribute', group='ldap', default='domain_id') register_list('tenant_attribute_ignore', group='ldap', default='') register_bool('tenant_allow_create', group='ldap', default=True) register_bool('tenant_allow_update', group='ldap', default=True) @@ -295,6 +297,7 @@ register_str('group_id_attribute', group='ldap', default='cn') register_str('group_name_attribute', group='ldap', default='ou') register_str('group_member_attribute', group='ldap', default='member') register_str('group_desc_attribute', group='ldap', default='desc') +register_str('group_domain_id_attribute', group='ldap', default='domain_id') register_list('group_attribute_ignore', group='ldap', default='') register_bool('group_allow_create', group='ldap', default=True) register_bool('group_allow_update', group='ldap', default=True) |