Ldap configuration changes:
- added new parameter: user_attribute_ignore (string) to manage it
- added new parameter: group_mapping (bool) to disable group mapping block
- fixed tests and doc for multiple ldap parameters
- done some code sugar fix: indentation
Prod-Related: PROD-32324
Change-Id: I6e73c9a55f205ce04e4a8dc91e661e0d833f6748
diff --git a/tests/pillar/single.sls b/tests/pillar/single.sls
index 697e40e..ba1ef77 100644
--- a/tests/pillar/single.sls
+++ b/tests/pillar/single.sls
@@ -185,10 +185,24 @@
backend: sql
driver: keystone.assignment.backends.sql.Assignment
ldap:
+ group_mapping: False
url: "ldaps://idm.domain.com"
suffix: "dc=cloud,dc=domain,dc=com"
uid: keystone
password: password
+ query_scope: "sub"
+ bind_user: "CN=lab,CN=users,${keystone:server:domain:testing:ldap:suffix}"
+ filter:
+ user: "(memberOf=CN=Grp-atm-admins,CN=Users,${keystone:server:domain:testing:ldap:suffix})"
+ user_tree_dn: "CN=users,${keystone:server:domain:testing:ldap:suffix}"
+ user_id_attribute: "sAMAccountName"
+ user_name_attribute: "sAMAccountName"
+ user_pass_attribute: ""
+ user_enabled_default: 512
+ user_enabled_mask: 2
+ user_enabled_attribute: "userAccountControl"
+ user_attribute_ignore: "password,tenant_id,tenants"
+
# Client state
client:
enabled: false