diff options
author | Brad Topol <btopol@us.ibm.com> | 2013-03-25 15:23:15 -0500 |
---|---|---|
committer | Brad Topol <btopol@us.ibm.com> | 2013-04-09 00:54:51 -0500 |
commit | e4ec12e8118b92cbad9e2f287f111b6be8bb2705 (patch) | |
tree | 9d7af8cc9861c20baf073ae4de60cecfbb0f926f /tests/backend_tls_liveldap.conf | |
parent | 89d35004411e1eec9b1af97f589f06ae871aca02 (diff) | |
download | keystone-e4ec12e8118b92cbad9e2f287f111b6be8bb2705.tar.gz keystone-e4ec12e8118b92cbad9e2f287f111b6be8bb2705.tar.xz keystone-e4ec12e8118b92cbad9e2f287f111b6be8bb2705.zip |
Add TLS Support for LDAP
Fixes Bug1040115
added several test cases, also provides a full ldap
regression suite. Also added supplemental (simple)
verification for CACERTFILE and CACERTDIR
added a TLS disable option when ldaps URLs are used
and did full regression tests using ldaps URLs
and with TLS
addresses ayoung's comments
addresses dolphm's and Mouad's comments
addresses gyee's doc request and bknudson's comments
Change-Id: I639f2853df0ce5c10ae85b06214b26430d872aca
Diffstat (limited to 'tests/backend_tls_liveldap.conf')
-rw-r--r-- | tests/backend_tls_liveldap.conf | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/backend_tls_liveldap.conf b/tests/backend_tls_liveldap.conf new file mode 100644 index 00000000..0c9d7f23 --- /dev/null +++ b/tests/backend_tls_liveldap.conf @@ -0,0 +1,23 @@ +[ldap] +url = ldap:// +user = dc=Manager,dc=openstack,dc=org +password = test +suffix = dc=openstack,dc=org +group_tree_dn = ou=UserGroups,dc=openstack,dc=org +role_tree_dn = ou=Roles,dc=openstack,dc=org +tenant_tree_dn = ou=Projects,dc=openstack,dc=org +domain_tree_dn = ou=Domains,dc=openstack,dc=org +user_tree_dn = ou=Users,dc=openstack,dc=org +tenant_enabled_emulation = True +user_enabled_emulation = True +domain_enabled_emulation = True +user_mail_attribute = mail +use_dumb_member = True +use_tls = True +tls_cacertfile = /etc/keystone/ssl/certs/cacert.pem +tls_cacertdir = /etc/keystone/ssl/certs/ +tls_req_cert = demand + +[identity] +driver = keystone.identity.backends.ldap.Identity + |