配置如下:
# Selects the LDAP backend as Keystone's identity driver; the directory it
# talks to is described by the [ldap] section.
# NOTE(review): the driver is given as a full class path, which presumably
# targets an older Keystone release -- confirm against the deployed version.
[identity]
driver = keystone.identity.backends.ldap.Identity
# Connection settings and schema mapping for the LDAP directory that backs
# Keystone identity (users, groups, roles).
[ldap]
# NOTE(review): ldap:// is cleartext, so the bind password below and any user
# password verified through the directory cross the connection unencrypted.
# Tolerable only for a loopback lab setup like this one; for a remote
# directory use ldaps:// or use_tls with tls_cacertfile.
url = ldap://localhost
# Bind DN Keystone uses for its directory queries.
# NOTE(review): cn=Manager looks like the directory's root DN -- presumably far
# more privilege than Keystone needs. Prefer a dedicated service account that
# ACLs restrict to the Users/Groups/Roles subtrees; confirm.
user = cn=Manager,dc=openstack,dc=org
# NOTE(review): trivially guessable bind password stored in plaintext; treat it
# as a lab placeholder. Use a strong, unique secret and keep this file
# readable only by the keystone service account.
password = 123456
# Base DN of the directory.
suffix = dc=openstack,dc=org
# Search the whole subtree below each *_tree_dn.
query_scope = sub
# 0 presumably disables paged results -- verify against the Keystone docs for
# the deployed release.
page_size =0
alias_dereferencing = default
# --- User mapping: entries under ou=Users ---
user_tree_dn = ou=Users,dc=openstack,dc=org
user_objectclass = organizationalPerson
user_id_attribute = cn
user_name_attribute = sn
user_mail_attribute = mail
user_pass_attribute = userPassword
# The enabled flag is stored in the "st" attribute and read through a bit mask.
# NOTE(review): with mask 2, a default of 51 has the masked bit set, so an
# entry lacking "st" would presumably be read as disabled. The commonly
# documented pairing is mask 2 with default 512 -- check whether 51 is a typo.
user_enabled_attribute = st
user_enabled_mask =2
user_enabled_invert = False
user_enabled_default = 51
# Keystone user attributes that are not mapped to the directory.
user_attribute_ignore = default_project_id,tenants
# --- Group mapping: entries under ou=Groups ---
group_tree_dn = ou=Groups,dc=openstack,dc=org
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = ou
group_member_attribute = member
group_desc_attribute = description
# --- Role mapping: entries under ou=Roles; membership via roleOccupant ---
role_tree_dn = ou=Roles,dc=openstack,dc=org
role_objectclass = organizationalRole
role_id_attribute = cn
role_name_attribute = cn
role_member_attribute = roleOccupant
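部分账号(下面的 ldapsearch 使用 -x 且未指定 -D,应为匿名绑定;输出中 userPassword 对该查询可读,其值经 base64 解码后为未加盐的 {SHA} 方案。生产环境应通过 ACL 限制对该属性的读取,并改用加盐的散列方案):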
[root@controller httpd]# ldapsearch -x -LLL -H ldap:/// -b dc=openstack,dc=org
dn: dc=openstack,dc=org
objectClass: dcObject
objectClass: organization
dc: openstack
o: Openstack,Inc.
dn: ou=Groups,dc=openstack,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Groups
dn: ou=Roles,dc=openstack,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Roles
dn: ou=Users,dc=openstack,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Users
dn: cn=admin,ou=Roles,dc=openstack,dc=org
cn: admin
objectClass: organizationalRole
objectClass: top
dn: cn=user,ou=Roles,dc=openstack,dc=org
cn: user
objectClass: organizationalRole
objectClass: top
dn: cn=admin,ou=Users,dc=openstack,dc=org
cn: admin
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: admin
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
st: 1
dn: cn=admin,ou=Groups,dc=openstack,dc=org
cn: admin
member: cn=admin,ou=Users,dc=openstack,dc=org
objectClass: groupOfNames
objectClass: top
ou: admin
dn: cn=admin,cn=admin,ou=Groups,dc=openstack,dc=org
cn: admin
objectClass: organizationalRole
objectClass: top
roleOccupant: cn=admin,ou=Users,dc=openstack,dc=org
dn: cn=demo,ou=Users,dc=openstack,dc=org
cn: demo
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: demo
st: 1
userPassword:: e1NIQX1pZVNWNTVRYytlUU9hWURSU2hhL0Fqek5USkU9
dn: cn=demo,ou=Groups,dc=openstack,dc=org
cn: demo
member: cn=demo,ou=Users,dc=openstack,dc=org
objectClass: groupOfNames
objectClass: top
ou: demo
dn: cn=user,cn=demo,ou=Groups,dc=openstack,dc=org
cn: user
objectClass: organizationalRole
objectClass: top
roleOccupant: cn=demo,ou=Users,dc=openstack,dc=org