From 4fae928c59beaa558306a5aa3a3aa5c6f4945b70 Mon Sep 17 00:00:00 2001 From: Henry Nash Date: Thu, 13 Dec 2012 16:48:13 +0000 Subject: Keystone server support for user groups This implements the server side of groups of users. This set of code provides all the crud functionality for groups as well as the corresponding support for role assignments. blueprint user-groups The following deficiencies existing with the current version and will be corrected ahead of the final Grizzly release: 1) There is only placeholder support for LDAP (Bug #1092187) 2) Domain role grants are accepted but not yet honored (Bug #1093248) 3) Token invalidation does not occur with group changes (Bug #1093493) This update also fills in missing v3 grant unit testing and v3 grant support within the kvs backend. In addition, there is a fix for Bug #1092200 (uncaught exception when listing grants) DocImpact Change-Id: Ibd1783b04b2d7804eff90312e5ef591dca4d0695
---
keystone/config.py | 11 +++++++++++
1 file changed, 11 insertions(+) (limited to 'keystone/config.py')
diff --git a/keystone/config.py b/keystone/config.py
index 9d4da38a..c26a518c 100644
--- a/keystone/config.py
+++ b/keystone/config.py
@@ -226,6 +226,17 @@ register_bool('role_allow_create', group='ldap', default=True) register_bool('role_allow_update', group='ldap', default=True) register_bool('role_allow_delete', group='ldap', default=True) +register_str('group_tree_dn', group='ldap', default=None) +register_str('group_filter', group='ldap', default=None) +register_str('group_objectclass', group='ldap', default='groupOfNames') +register_str('group_id_attribute', group='ldap', default='cn') +register_str('group_name_attribute', group='ldap', default='ou') +register_str('group_member_attribute', group='ldap', default='member') +register_str('group_desc_attribute', group='ldap', default='desc') +register_list('group_attribute_ignore', group='ldap', default='') +register_bool('group_allow_create', group='ldap', default=True) +register_bool('group_allow_update', group='ldap', default=True) +register_bool('group_allow_delete', group='ldap', default=True) #pam register_str('url', group='pam', default=None) register_str('userid', group='pam', default=None) -- cgit
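Review bot: The default for `group_desc_attribute` is `'desc'`, but the default `group_objectclass` is `groupOfNames`, whose standard schema (RFC 4519) offers `description` and has no `desc` attribute. Against a schema-checking directory, writing a group description with these defaults would probably be rejected. I would change the line to `register_str('group_desc_attribute', group='ldap', default='description')`. Separately, `group_allow_create`, `group_allow_update` and `group_allow_delete` all default to `True`, and the commit message says group membership feeds role assignments while LDAP support is still a placeholder. A comment above the three options would help operators, for example `# groups confer roles: set group_allow_* to False when the directory is read-only or managed outside Keystone`. The backend that reads `group_filter` and `group_tree_dn` is outside this hunk, so how a `None` default is handled cannot be checked from here.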