# Example using LDAP to manage user identity only.
# This setup will not allow changes to users.
# Ensure this matches what is in LDAP, or keystone will try to recreate it.
# Admin role/user bootstrap. The email must match the existing LDAP record,
# otherwise keystone will try to recreate the user (presumably failing, since
# the identity backend below is read-only -- confirm).
class { '::keystone::roles::admin':
  email    => 'test@example.com',
  # Placeholder credential: replace before use, and source the real value from
  # hiera/eyaml or a Sensitive value rather than committing it in the manifest.
  password => 'ChangeMe',
# You can test this connection with ldapsearch first to ensure it works.
# This was tested against a FreeIPA box; you will likely need to change the
# attributes to match your configuration.
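# Read-only LDAP identity backend for keystone.
# Class name fixed to '::keystone::ldap' (double colon, consistent with
# '::keystone::roles::admin' above); the single-colon form is not a valid
# class reference.
class { '::keystone::ldap':
  identity_driver     => 'keystone.identity.backends.ldap.Identity',
  # Plain ldap:// on 389: the bind password and every lookup cross the network
  # in the clear. Prefer ldaps:// (or the class's TLS options) outside a lab.
  url                 => 'ldap://ldap.example.com:389',
  # Service account keystone binds as. With writes disabled below it should
  # only need read access to the user tree -- scope its directory rights to that.
  user                => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',
  # Hard-coded bind credential. Keep the real value out of the manifest
  # (hiera/eyaml or a Sensitive value) so it does not end up in VCS or reports.
  password            => 'SecretPass',
  suffix              => 'dc=example,dc=com',
  # Where users live and which attributes map to keystone id/name/email.
  # This layout matches FreeIPA; adjust for your directory.
  user_tree_dn        => 'cn=users,cn=accounts,dc=example,dc=com',
  user_id_attribute   => 'uid',
  user_name_attribute => 'uid',
  user_mail_attribute => 'mail',
  # Read-only identity: keystone never creates, updates or deletes users in
  # LDAP. The example passes these as quoted strings; confirm the module's
  # expected type before switching to bare booleans.
  user_allow_create   => 'False',
  user_allow_update   => 'False',
  user_allow_delete   => 'False'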