commit 6cd7d1e93d26e05f6cc4c2608fc66b7afe246176
author Ivan Berezovskiy <iberezovskiy@mirantis.com> Fri Aug 23 14:06:13 2019 +0400
committer Ivan Berezovskiy <iberezovskiy@mirantis.com> Fri Aug 23 14:06:13 2019 +0400
tree ed549538b5c0d47ce2f2f4b994be4599dff85a2e
parent b0d6c2493d456ee6d75e78438aaa6e329839e001

Add ability to configure several additional ldap options

PROD-32200

Change-Id: I1af3e8e49c419fb6895008501f02ce529ac76793

keystone/files/_ldap.conf

diff --git a/keystone/files/_ldap.conf b/keystone/files/_ldap.conf
index 595ccd1..1987c61 100644
--- a/keystone/files/_ldap.conf
+++ b/keystone/files/_ldap.conf
@@ -12,6 +12,12 @@
 suffix = {{ ldap.suffix }}
 query_scope = {{ ldap.get("query_scope", "one") }}
 page_size = {{ ldap.get("page_size", "0") }}
+{%- if ldap.alias_dereferencing is defined %}
+alias_dereferencing = {{ ldap.alias_dereferencing }}
+{%- endif %}
+{%- if ldap.debug_level is defined %}
+debug_level = {{ ldap.debug_level }}
+{%- endif %}
 chase_referrals = {{ ldap.get("chase_referrals", False) }}
 
 # User mapping
@@ -23,6 +29,9 @@
 user_objectclass = {{ ldap.get("user_objectclass", "person") }}
 user_id_attribute = {{ ldap.get("user_id_attribute", "uid") }}
 user_name_attribute = {{ ldap.get("user_name_attribute", "uid") }}
+{%- if ldap.user_description_attribute is defined %}
+user_description_attribute = {{ ldap.user_description_attribute }}
+{%- endif %}
 user_mail_attribute = {{ ldap.get("user_mail_attribute", "mail") }}
 user_pass_attribute = {{ ldap.get("user_pass_attribute", "password") }}
 {%- if ldap.get('read_only', True) %}
@@ -32,6 +41,12 @@
 {%- endif %}
 user_enabled_attribute = {{ ldap.get("user_enabled_attribute", "nsAccountLock") }}
 user_enabled_default = {{ ldap.get("user_enabled_default", False) }}
+{%- if ldap.user_attribute_ignore is defined %}
+user_attribute_ignore = {{ ldap.user_attribute_ignore }}
+{%- endif %}
+{%- if ldap.user_default_project_id_attribute is defined %}
+user_default_project_id_attribute = {{ ldap.user_default_project_id_attribute }}
+{%- endif %}
 user_enabled_invert = {{ ldap.get("user_enabled_invert", True) }}
 user_enabled_mask = {{ ldap.get("user_enabled_mask", 0) }}
 {%- if ldap.get('filter', {}).get('user', False) %}
@@ -46,6 +61,9 @@
 {%- if ldap.user_enabled_emulation_use_group_config is defined %}
 user_enabled_emulation_use_group_config = {{ ldap.user_enabled_emulation_use_group_config }}
 {%- endif %}
+{%- if ldap.user_additional_attribute_mapping is defined %}
+user_additional_attribute_mapping = {{ ldap.user_additional_attribute_mapping }}
+{%- endif %}
 
 # Group mapping
 {%- if ldap.group_tree_dn is defined  %}
@@ -58,6 +76,15 @@
 group_name_attribute = {{ ldap.get("group_name_attribute", "cn") }}
 group_member_attribute = {{ ldap.get("group_member_attribute", "member") }}
 group_desc_attribute = {{ ldap.get("group_desc_attribute", "description") }}
+{%- if ldap.group_attribute_ignore is defined %}
+group_attribute_ignore = {{ ldap.group_attribute_ignore }}
+{%- endif %}
+{%- if ldap.group_additional_attribute_mapping is defined %}
+group_additional_attribute_mapping = {{ ldap.group_additional_attribute_mapping }}
+{%- endif %}
+{%- if ldap.group_ad_nesting is defined %}
+group_ad_nesting = {{ ldap.group_ad_nesting }}
+{%- endif %}
 {%- if ldap.get('read_only', True) %}
 group_allow_create = false
 group_allow_update = false