X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fkeystone%2Fexamples%2Fldap_full.pp;fp=3rdparty%2Fmodules%2Fkeystone%2Fexamples%2Fldap_full.pp;h=0000000000000000000000000000000000000000;hb=6e1426dc77fb4e5d51f07c187c6f2219431dc31e;hp=09ce7c8eff21252030d4eaab0a7e0fb24fa87543;hpb=87423ba664cd5f2bb462ebadd08b1a90d0fe1c8d;p=mirror%2Fdsa-puppet.git diff --git a/3rdparty/modules/keystone/examples/ldap_full.pp b/3rdparty/modules/keystone/examples/ldap_full.pp deleted file mode 100644 index 09ce7c8ef..000000000 --- a/3rdparty/modules/keystone/examples/ldap_full.pp +++ /dev/null @@ -1,72 +0,0 @@ -# A full example from a real deployment that allows Keystone to modify -# everything except users, uses enabled_emulation, and ldaps - -# Ensure this matches what is in LDAP or keystone will try to recreate -# the admin user -class { '::keystone::roles::admin': - email => 'test@example.com', - password => 'ChangeMe', -} - -# You can test this connection with ldapsearch first to ensure it works. -# LDAP configurations are *highly* dependent on your setup and this file -# will need to be tweaked. This sample talks to ldap.example.com, here is -# an example of ldapsearch that will search users on this box: -# ldapsearch -v -x -H 'ldap://example.com:389' -D \ -# "uid=bind,cn=users,cn=accounts,dc=example,dc=com" -w SecretPass \ -# -b cn=users,cn=accounts,dc=example,dc=com -class { '::keystone:ldap': - url => 'ldap://ldap.example.com:389', - user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com', - password => 'SecretPass', - suffix => 'dc=example,dc=com', - query_scope => 'sub', - user_tree_dn => 'cn=users,cn=accounts,dc=example,dc=com', - user_id_attribute => 'uid', - user_name_attribute => 'uid', - user_mail_attribute => 'mail', - user_allow_create => 'False', - user_allow_update => 'False', - user_allow_delete => 'False', - user_enabled_emulation => 'True', - user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com', - group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com', - group_objectclass => 'organizationalRole', - group_id_attribute => 'cn', - group_name_attribute => 'cn', - group_member_attribute => 'RoleOccupant', - group_desc_attribute => 'description', - group_allow_create => 'True', - group_allow_update => 'True', - group_allow_delete => 'True', - project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com', - project_objectclass => 'organizationalUnit', - project_id_attribute => 'ou', - project_member_attribute => 'member', - project_name_attribute => 'ou', - project_desc_attribute => 'description', - project_allow_create => 'True', - project_allow_update => 'True', - project_allow_delete => 'True', - project_enabled_emulation => 'True', - project_enabled_emulation_dn => 'cn=enabled,ou=openstack,dc=example,dc=com', - role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com', - role_objectclass => 'organizationalRole', - role_id_attribute => 'cn', - role_name_attribute => 'cn', - role_member_attribute => 'roleOccupant', - role_allow_create => 'True', - role_allow_update => 'True', - role_allow_delete => 'True', - identity_driver => 'keystone.identity.backends.ldap.Identity', - assignment_driver => 'keystone.assignment.backends.ldap.Assignment', - use_tls => 'True', - tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', - tls_req_cert => 'demand', - use_pool => 'True', - use_auth_pool => 'True', - pool_size => 5, - auth_pool_size => 5, - pool_retry_max => 3, - pool_connection_timeout => 120, -}