
Keystone LDAP default structural class for users

asked 2013-10-02 12:33:00 -0500

asgreene

Keystone allows one to specify the objectclass that represents users in LDAP, but is hard-coded to add 'person' as a structural class.

#keystone/identity/backends/ldap.py
#TODO(termie): turn this into a data object and move logic to driver
class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
    DEFAULT_OU = 'ou=Users'
    DEFAULT_STRUCTURAL_CLASSES = ['person']

This prevents the usage of custom object classes in an LDAP that do not inherit from person. Person brings attribute baggage along with it. Why is the person structural class hard-coded in here? Shouldn't it be either absent or configurable? If the LDAP class is being specified, let that be the object class and stipulate that it must be structural.

Am I missing something? Is there some rationale for this?


1 answer


answered 2016-06-28 16:29:40 -0500

That is just the default. The classes used are specified in the config:

http://git.openstack.org/cgit/opensta...

user_objectclass = cfg.StrOpt(
    'user_objectclass',
    default='inetOrgPerson',
    help=utils.fmt("""
LDAP objectclass for users.
"""))
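
To see why the hard-coded default matters for a schema like the one in the question, the following added example (not Keystone code and not from either poster) checks whether a list of object classes keeps all structural classes on a single superclass chain, which LDAP requires of an entry. The mini-schema is constructed, `cloudUser` is a hypothetical custom class, and `entry_object_classes` only models the behaviour the question describes.

```python
# Constructed mini-schema (illustration only): name -> (kind, superior).
# person/organizationalPerson/inetOrgPerson follow the standard LDAP schema;
# 'cloudUser' is a hypothetical custom class that does not inherit from person.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "cloudUser": ("STRUCTURAL", "top"),
}


def superior_chain(name, schema=SCHEMA):
    """Return the class followed by all of its superiors, ending at 'top'."""
    chain = []
    while name is not None:
        if name not in schema:
            raise KeyError("unknown object class: %s" % name)
        if name in chain:
            raise ValueError("cycle in schema at %s" % name)
        chain.append(name)
        name = schema[name][1]
    return chain


def structural_conflicts(object_classes, schema=SCHEMA):
    """Return pairs of structural classes that are not on one superclass chain."""
    structural = [c for c in object_classes if schema[c][0] == "STRUCTURAL"]
    conflicts = []
    for i, a in enumerate(structural):
        for b in structural[i + 1:]:
            related = a in superior_chain(b, schema) or b in superior_chain(a, schema)
            if not related:
                conflicts.append((a, b))
    return conflicts


def entry_object_classes(user_objectclass, default_structural=("person",)):
    """Assumed model of the question: default classes plus the configured one."""
    return list(default_structural) + [user_objectclass]


if __name__ == "__main__":
    for cls in ("inetOrgPerson", "cloudUser"):
        classes = entry_object_classes(cls)
        print(cls, classes, structural_conflicts(classes) or "ok")
```
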
