Added the possibility to set a custom LDAP "user_enabled" attribute
Related-Prod: PROD-17582
Change-Id: Idda05607397145af7deaf6768f8ce4af73dcec4a
diff --git a/README.rst b/README.rst
index 8b80ef4..1d39d55 100644
--- a/README.rst
+++ b/README.rst
@@ -230,6 +230,28 @@
uid: keystone
password: password
+Using LDAP backend for default domain with "user_enabled" field emulation
+
+.. code-block:: yaml
+
+ keystone:
+ server:
+ backend: ldap
+ assignment:
+ backend: sql
+ ldap:
+ url: "ldap://idm.domain.com"
+ suffix: "ou=Openstack Service Users,o=domain.com"
+ bind_user: keystone
+ password: password
+ # Define LDAP "group" object class and "membership" attribute
+ group_objectclass: groupOfUniqueNames
+ group_member_attribute: uniqueMember
+ # User will receive "enabled" attribute basing on membership in "os-user-enabled" group
+ user_enabled_emulation: True
+ user_enabled_emulation_dn: "cn=os-user-enabled,ou=Openstack,o=domain.com"
+ user_enabled_emulation_use_group_config: True
+
Simple service endpoint definition (defaults to RegionOne)
.. code-block:: yaml