From 1183f3ebc8ace74f8413b80d23b67b2d14094432 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya
Date: Thu, 24 Jun 2010 04:11:54 +0100
Subject: nasa ldap defaults
---
 nova/auth/slap.sh | 26 ++++++++++++++++++++++++++
 nova/auth/users.py | 6 +++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
(limited to 'nova/auth')
diff --git a/nova/auth/slap.sh b/nova/auth/slap.sh
index c3369e396..44a041d74 100755
--- a/nova/auth/slap.sh
+++ b/nova/auth/slap.sh
@@ -213,6 +213,32 @@ description: Special account for authenticating users
 userPassword: {MD5}TLnIqASP0CKUR3/LGkEZGg==
 objectClass: account
 objectClass: simpleSecurityObject
+
+# create the sysadmin entry
+
+dn: cn=sysadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: sysadmins
+description: IT admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=netadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: netadmins
+description: Network admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=cloudadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: cloudadmins
+description: Cloud admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=itsec,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: itsec
+description: IT security users group
+member: uid=admin,ou=Users,dc=example,dc=com
 BASE_LDIF_EOF
 
 /etc/init.d/slapd stop
diff --git a/nova/auth/users.py b/nova/auth/users.py
index f3248166c..118740182 100644
--- a/nova/auth/users.py
+++ b/nova/auth/users.py
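Review bot: The four groups added in the slap.sh hunk (sysadmins, netadmins, cloudadmins, itsec) are each seeded with the same single member, `uid=admin,ou=Users,dc=example,dc=com`, so the bootstrap account holds every role at once, including the `cloudadmin` role that the users.py defaults treat as a superuser role. That is workable for a throwaway development directory, but it leaves no separation between the IT-security role and the admin roles, and the comment `# create the sysadmin entry` describes only one of the four entries. I would replace it with something like `# dev bootstrap only: uid=admin is put in every role group; replace these memberships before real use`. No `cn=developers` group is created here, although the same commit adds an `ldap_developer` default in users.py that points at it; if that is deliberate, a one-line comment saying so would help. The heredoc these lines belong to starts outside the hunk.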
@@ -58,16 +58,20 @@ flags.DEFINE_string('role_ldap_subtree', 'ou=Groups,dc=example,dc=com', 'OU for # mapping with these flags is necessary because we're going to tie in to an existing ldap schema flags.DEFINE_string('ldap_cloudadmin', 'cn=cloudadmins,ou=Groups,dc=example,dc=com', 'cn for Cloud Admins') +flags.DEFINE_string('ldap_itsec', + 'cn=itsec,ou=Groups,dc=example,dc=com', 'cn for ItSec') flags.DEFINE_string('ldap_sysadmin', 'cn=sysadmins,ou=Groups,dc=example,dc=com', 'cn for Sysadmins') flags.DEFINE_string('ldap_netadmin', 'cn=netadmins,ou=Groups,dc=example,dc=com', 'cn for NetAdmins') +flags.DEFINE_string('ldap_developer', + 'cn=developers,ou=Groups,dc=example,dc=com', 'cn for Developers') # a user with one of these roles will be a superuser and have access to all api commands flags.DEFINE_list('superuser_roles', ['cloudadmin'], 'roles that ignore rbac checking completely') # a user with one of these roles will have it for every project, even if he or she is not a member of the project -flags.DEFINE_list('global_roles', ['cloudadmin'], 'roles that apply to all projects') +flags.DEFINE_list('global_roles', ['cloudadmin', 'itsec'], 'roles that apply to all projects') flags.DEFINE_string('credentials_template', utils.abspath('auth/novarc.template'), -- cgit
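Review bot: Adding `'itsec'` to the `global_roles` default means every member of the LDAP group behind `ldap_itsec` holds that role in all projects without being a project member, and this becomes the shipped behaviour for every deployment rather than only the site the commit title refers to. It would be safer to leave the default at `['cloudadmin']` and let the site flagfile add `itsec`. If the default stays, the comment above the flag should name the role and the reason, e.g. `# itsec is global so security staff can review every project; drop it if your site scopes itsec per project`. The new `ldap_developer` default names `cn=developers,ou=Groups,dc=example,dc=com`, which slap.sh in this commit does not create, so a directory built from that script would presumably have no such group to match. The `credentials_template` definition at the end of the hunk continues outside it.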