environments/services/keystone_domain_specific_ldap_backend.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

# This is an example template on how to configure keystone domain specific LDAP
# backends. This will configure a domain called tripleoldap will the attributes
# specified.
parameter_defaults:
  KeystoneLDAPDomainEnable: true
  KeystoneLDAPBackendConfigs:
    tripleoldap:
      url: ldap://192.0.2.250
      user: cn=openstack,ou=Users,dc=tripleo,dc=example,dc=com
      password: Secrete
      suffix: dc=tripleo,dc=example,dc=com
      user_tree_dn: ou=Users,dc=tripleo,dc=example,dc=com
      user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=tripleo,dc=example,dc=com)"
      user_objectclass: person
      user_id_attribute: cn
      user_allow_create: false
      user_allow_update: false
      user_allow_delete: false