| author | Vishvananda Ishaya <vishvananda@yahoo.com> | 2010-06-24 04:11:54 +0100 |
|---|---|---|
| committer | andy <github@anarkystic.com> | 2010-06-24 04:11:54 +0100 |
| commit | 1183f3ebc8ace74f8413b80d23b67b2d14094432 (patch) | |
| tree | 574f766541d58ad1a92017cb4ff491ad08acb0dd /nova/auth | |
| parent | bf448e27a31a93f65d01001ccfad1511b9557afa (diff) | |
nasa ldap defaults
Diffstat (limited to 'nova/auth')
| -rwxr-xr-x | nova/auth/slap.sh | 26 | ||||
| -rw-r--r-- | nova/auth/users.py | 6 |
2 files changed, 31 insertions, 1 deletions
diff --git a/nova/auth/slap.sh b/nova/auth/slap.sh
index c3369e396..44a041d74 100755
--- a/nova/auth/slap.sh
+++ b/nova/auth/slap.sh
@@ -213,6 +213,32 @@ description: Special account for authenticating users
 userPassword: {MD5}TLnIqASP0CKUR3/LGkEZGg==
 objectClass: account
 objectClass: simpleSecurityObject
+
+# create the sysadmin entry
+
+dn: cn=sysadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: sysadmins
+description: IT admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=netadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: netadmins
+description: Network admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=cloudadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: cloudadmins
+description: Cloud admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=itsec,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: itsec
+description: IT security users group
+member: uid=admin,ou=Users,dc=example,dc=com
 BASE_LDIF_EOF
 /etc/init.d/slapd stop
diff --git a/nova/auth/users.py b/nova/auth/users.py
index f3248166c..118740182 100644
--- a/nova/auth/users.py
+++ b/nova/auth/users.py
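Review bot: All four new groupOfNames entries list `uid=admin,ou=Users,dc=example,dc=com` as their only member, so the bootstrap account holds sysadmin, netadmin, cloudadmin and itsec at once and the roles give no separation of duties until an operator edits the directory. groupOfNames requires at least one `member`, which is presumably why admin is seeded, but the LDIF does not say so, and the comment `# create the sysadmin entry` describes only the first of the four groups. I would replace it with `# create the role groups; groupOfNames needs a member, so each is seeded with the bootstrap admin - reassign before real use`. The heredoc that holds these entries starts outside the hunk.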
@@ -58,16 +58,20 @@ flags.DEFINE_string('role_ldap_subtree', 'ou=Groups,dc=example,dc=com', 'OU for # mapping with these flags is necessary because we're going to tie in to an existing ldap schema flags.DEFINE_string('ldap_cloudadmin', 'cn=cloudadmins,ou=Groups,dc=example,dc=com', 'cn for Cloud Admins') +flags.DEFINE_string('ldap_itsec', + 'cn=itsec,ou=Groups,dc=example,dc=com', 'cn for ItSec') flags.DEFINE_string('ldap_sysadmin', 'cn=sysadmins,ou=Groups,dc=example,dc=com', 'cn for Sysadmins') flags.DEFINE_string('ldap_netadmin', 'cn=netadmins,ou=Groups,dc=example,dc=com', 'cn for NetAdmins') +flags.DEFINE_string('ldap_developer', + 'cn=developers,ou=Groups,dc=example,dc=com', 'cn for Developers') # a user with one of these roles will be a superuser and have access to all api commands flags.DEFINE_list('superuser_roles', ['cloudadmin'], 'roles that ignore rbac checking completely') # a user with one of these roles will have it for every project, even if he or she is not a member of the project -flags.DEFINE_list('global_roles', ['cloudadmin'], 'roles that apply to all projects') +flags.DEFINE_list('global_roles', ['cloudadmin', 'itsec'], 'roles that apply to all projects') flags.DEFINE_string('credentials_template', utils.abspath('auth/novarc.template'), |
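Review bot: Adding `'itsec'` to the `global_roles` default gives every member of `cn=itsec` that role in all projects without project membership, and the comment above the flag does not say why itsec needs that reach. A short justification there, for example `# itsec is global so security staff can act on any project; keep cn=itsec membership minimal`, would make the widened default reviewable; that wording is a guess at the intent and should be confirmed. Separately, `ldap_developer` defaults to `cn=developers,ou=Groups,dc=example,dc=com`, but the slap.sh hunk in this commit creates only sysadmins, netadmins, cloudadmins and itsec, so the default DN appears to point at a group the bootstrap directory lacks unless it is created elsewhere. The flag definitions continue outside the hunk on both sides.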
