The keystone.identity.backends.ldap.core Module

class keystone.identity.backends.ldap.core.ApiShim(conf)

Bases: object

Quick singleton-y shim to get around recursive dependencies.

NOTE(termie): this should be removed and the cross-api code should be moved into the driver itself.

group
project
role
user
class keystone.identity.backends.ldap.core.ApiShimMixin

Bases: object

Mixin to share some ApiShim code. Remove me.

group_api
project_api
role_api
user_api
class keystone.identity.backends.ldap.core.GroupApi(conf)

Bases: keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = []
DEFAULT_ID_ATTR = 'cn'
DEFAULT_MEMBER_ATTRIBUTE = 'member'
DEFAULT_OBJECTCLASS = 'groupOfNames'
DEFAULT_OU = 'ou=UserGroups'
DEFAULT_STRUCTURAL_CLASSES = []
attribute_mapping = {'domain_id': 'domain_id', 'name': 'ou', 'groupId': 'cn', 'description': 'desc'}
create(values)
delete(id)
get(id, filter=None)

Replaces exception.NotFound with exception.GroupNotFound.

get_by_name(name, filter=None)
model

alias of Group

options_name = 'group'
update(id, values)
class keystone.identity.backends.ldap.core.GroupRoleAssociation(group_id=None, role_id=None, tenant_id=None, *args, **kw)

Bases: object

Role Grant model.

class keystone.identity.backends.ldap.core.Identity

Bases: keystone.identity.core.Driver

add_role_to_user_and_project(user_id, tenant_id, role_id)
authenticate(user_id=None, tenant_id=None, password=None)

Authenticate based on a user, tenant and password.

Expects the user object to have a password field and the tenant to be in the list of tenants on the user.

create_group(group_id, group)
create_metadata(user_id, tenant_id, metadata)
create_project(tenant_id, tenant)
create_role(role_id, role)
create_user(user_id, user)
delete_group(group_id)
delete_project(tenant_id)
delete_role(role_id)
delete_user(user_id)
get_connection(user=None, password=None)
get_group(group_id)
get_metadata(user_id, tenant_id)
get_project(tenant_id)
get_project_by_name(tenant_name, domain_id)
get_project_users(tenant_id)
get_projects_for_user(user_id)
get_role(role_id)
get_roles_for_user_and_project(user_id, tenant_id)
get_user(user_id)
get_user_by_name(user_name, domain_id)
list_projects()
list_roles()
list_users()
remove_role_from_user_and_project(user_id, tenant_id, role_id)
update_group(group_id, group)
update_project(tenant_id, tenant)
update_role(role_id, role)
update_user(user_id, user)
class keystone.identity.backends.ldap.core.ProjectApi(conf)

Bases: keystone.common.ldap.core.EnabledEmuMixIn, keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = []
DEFAULT_ID_ATTR = 'cn'
DEFAULT_MEMBER_ATTRIBUTE = 'member'
DEFAULT_OBJECTCLASS = 'groupOfNames'
DEFAULT_OU = 'ou=Groups'
DEFAULT_STRUCTURAL_CLASSES = []
add_user(tenant_id, user_id)
attribute_mapping = {'domain_id': 'domain_id', 'tenantId': 'cn', 'enabled': 'enabled', 'name': 'ou', 'description': 'desc'}
create(values)
delete(id)
get(id, filter=None)

Replaces exception.NotFound with exception.ProjectNotFound.

get_by_name(name, filter=None)
get_role_assignments(tenant_id)
get_user_projects(user_id)

Returns list of tenants a user has access to

get_users(tenant_id, role_id=None)
is_empty(id)
list_for_user_get_page(user, marker, limit)
list_for_user_get_page_markers(user, marker, limit)
model

alias of Project

options_name = 'tenant'
remove_user(tenant_id, user_id)
update(id, values)
class keystone.identity.backends.ldap.core.RoleApi(conf)

Bases: keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = []
DEFAULT_MEMBER_ATTRIBUTE = 'roleOccupant'
DEFAULT_OBJECTCLASS = 'organizationalRole'
DEFAULT_OU = 'ou=Roles'
DEFAULT_STRUCTURAL_CLASSES = []
add_user(role_id, user_id, tenant_id=None)
attribute_mapping = {'name': 'cn'}
create(values)
delete(id)
delete_user(role_id, user_id, tenant_id)
get(id, filter=None)
get_by_name(name, filter=None)
get_by_service(service_id)
get_by_service_get_page(service_id, marker, limit)
get_by_service_get_page_markers(service_id, marker, limit)
get_role_assignments(tenant_id)
list_global_roles_for_user(user_id)
list_project_roles_for_user(user_id, tenant_id=None)
model

alias of Role

options_name = 'role'
roles_delete_subtree_by_project(tenant_id)
update(role_id, role)
class keystone.identity.backends.ldap.core.UserApi(conf)

Bases: keystone.common.ldap.core.EnabledEmuMixIn, keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = ['tenant_id', 'tenants']
DEFAULT_ID_ATTR = 'cn'
DEFAULT_OBJECTCLASS = 'inetOrgPerson'
DEFAULT_OU = 'ou=Users'
DEFAULT_STRUCTURAL_CLASSES = ['person']
attribute_mapping = {'domain_id': 'domain_id', 'password': 'userPassword', 'enabled': 'enabled', 'email': 'mail', 'name': 'sn'}
check_password(user_id, password)
create(values)
delete(id)
get(id, filter=None)

Replaces exception.NotFound with exception.UserNotFound.

get_by_email(email)
get_by_name(name, filter=None)
get_by_project(user_id, tenant_id)
mask_enabled_attribute(values)
model

alias of User

options_name = 'user'
update(id, values)
user_role_add(values)
user_roles_by_project(user_id, tenant_id)
users_get_by_project_get_page(tenant_id, role_id, marker, limit)
users_get_by_project_get_page_markers(tenant_id, role_id, marker, limit)
users_get_page(marker, limit)
users_get_page_markers(marker, limit)
class keystone.identity.backends.ldap.core.UserRoleAssociation(user_id=None, role_id=None, tenant_id=None, *args, **kw)

Bases: object

Role Grant model.

keystone.identity.backends.ldap.core.create_role_ref(role_id, tenant_id, user_id)

Previous topic

The keystone.identity.backends.kvs Module

Next topic

The keystone.identity.backends.pam Module

This Page