Add TLS Support for LDAP

Fixes Bug1040115

added several test cases, also provides a full ldap
regression suite. Also added supplemental (simple)
verification for CACERTFILE and CACERTDIR
added a TLS disable option when ldaps URLs are used
and did full regression tests using ldaps URLs
and with TLS
addresses ayoung's comments
addresses dolphm's and Mouad's comments
addresses gyee's doc request and bknudson's comments

Change-Id: I639f2853df0ce5c10ae85b06214b26430d872aca

1 files changed, 23 insertions, 0 deletions

diff --git a/tests/backend_tls_liveldap.conf b/tests/backend_tls_liveldap.conf
new file mode 100644
index 00000000..0c9d7f23
--- /dev/null
+++ b/tests/backend_tls_liveldap.conf
@@ -0,0 +1,23 @@
+[ldap]
+url = ldap://
+user = dc=Manager,dc=openstack,dc=org
+password = test
+suffix = dc=openstack,dc=org
+group_tree_dn = ou=UserGroups,dc=openstack,dc=org
+role_tree_dn = ou=Roles,dc=openstack,dc=org
+tenant_tree_dn = ou=Projects,dc=openstack,dc=org
+domain_tree_dn = ou=Domains,dc=openstack,dc=org
+user_tree_dn = ou=Users,dc=openstack,dc=org
+tenant_enabled_emulation = True
+user_enabled_emulation = True
+domain_enabled_emulation = True
+user_mail_attribute = mail
+use_dumb_member = True
+use_tls = True
+tls_cacertfile = /etc/keystone/ssl/certs/cacert.pem
+tls_cacertdir = /etc/keystone/ssl/certs/
+tls_req_cert = demand
+
+[identity]
+driver = keystone.identity.backends.ldap.Identity
+