The keystone.identity.backends.ldap.core Module

class keystone.identity.backends.ldap.core.ApiShim(conf)

Bases: object

Quick singleton-y shim to get around recursive dependencies.

NOTE(termie): this should be removed and the cross-api code should be moved into the driver itself.

domain
group
project
role
user
class keystone.identity.backends.ldap.core.ApiShimMixin

Bases: object

Mixin to share some ApiShim code. Remove me.

domain_api
group_api
project_api
role_api
user_api
class keystone.identity.backends.ldap.core.DomainApi(conf)

Bases: keystone.common.ldap.core.EnabledEmuMixIn, keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = []
DEFAULT_ID_ATTR = 'cn'
DEFAULT_MEMBER_ATTRIBUTE = 'member'
DEFAULT_OBJECTCLASS = 'groupOfNames'
DEFAULT_OU = 'ou=Domains'
DEFAULT_STRUCTURAL_CLASSES = []
attribute_mapping = {'domainId': 'cn', 'enabled': 'enabled', 'name': 'ou', 'description': 'description'}
create(values)
delete(id)
get(id, filter=None)

Replaces exception.NotFound with exception.DomainNotFound.

model

alias of Domain

options_name = 'domain'
update(id, values)
class keystone.identity.backends.ldap.core.GroupApi(conf)

Bases: keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = []
DEFAULT_ID_ATTR = 'cn'
DEFAULT_MEMBER_ATTRIBUTE = 'member'
DEFAULT_OBJECTCLASS = 'groupOfNames'
DEFAULT_OU = 'ou=UserGroups'
DEFAULT_STRUCTURAL_CLASSES = []
NotFound

alias of GroupNotFound

add_user(user_id, group_id)
attribute_mapping = {'domain_id': 'domain_id', 'name': 'ou', 'groupId': 'cn', 'description': 'description'}
create(values)
delete(id)
list_group_users(group_id)

Returns a list of users that belong to a group

list_user_groups(user_id)

Returns a list of groups a user has access to

model

alias of Group

options_name = 'group'
remove_user(user_id, group_id)
update(id, values)
class keystone.identity.backends.ldap.core.GroupRoleAssociation(group_id=None, role_id=None, tenant_id=None, *args, **kw)

Bases: object

Role Grant model.

class keystone.identity.backends.ldap.core.Identity

Bases: keystone.identity.core.Driver

add_role_to_user_and_project(user_id, tenant_id, role_id)
add_user_to_group(user_id, group_id)
authenticate(user_id=None, tenant_id=None, password=None)

Authenticate based on a user, tenant and password.

Expects the user object to have a password field and the tenant to be in the list of tenants on the user.

check_user_in_group(user_id, group_id)
create_domain(domain_id, domain)
create_group(group_id, group)
create_metadata(user_id, tenant_id, metadata)
create_project(tenant_id, tenant)
create_role(role_id, role)
create_user(user_id, user)
delete_domain(domain_id)
delete_group(group_id)
delete_project(tenant_id)
delete_role(role_id)
delete_user(user_id)
get_domain(domain_id)
get_group(group_id)
get_metadata(user_id=None, tenant_id=None, domain_id=None, group_id=None)
get_project(tenant_id)
get_project_by_name(tenant_name, domain_id)
get_project_users(tenant_id)
get_projects_for_user(user_id)
get_role(role_id)
get_roles_for_user_and_project(user_id, tenant_id)
get_user(user_id)
get_user_by_name(user_name, domain_id)
list_domains()
list_groups()
list_groups_for_user(user_id)
list_projects()
list_roles()
list_users()
list_users_in_group(group_id)
remove_role_from_user_and_project(user_id, tenant_id, role_id)
remove_user_from_group(user_id, group_id)
update_domain(domain_id, domain)
update_group(group_id, group)
update_project(tenant_id, tenant)
update_role(role_id, role)
update_user(user_id, user)
class keystone.identity.backends.ldap.core.ProjectApi(conf)

Bases: keystone.common.ldap.core.EnabledEmuMixIn, keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = []
DEFAULT_ID_ATTR = 'cn'
DEFAULT_MEMBER_ATTRIBUTE = 'member'
DEFAULT_OBJECTCLASS = 'groupOfNames'
DEFAULT_OU = 'ou=Groups'
DEFAULT_STRUCTURAL_CLASSES = []
NotFound

alias of ProjectNotFound

add_user(tenant_id, user_id)
attribute_mapping = {'domain_id': 'domain_id', 'tenantId': 'cn', 'enabled': 'enabled', 'name': 'ou', 'description': 'description'}
create(values)
delete(id)
get_role_assignments(tenant_id)
get_user_projects(user_id)

Returns list of tenants a user has access to

get_users(tenant_id, role_id=None)
model

alias of Project

notfound_arg = 'project_id'
options_name = 'tenant'
remove_user(tenant_id, user_id)
update(id, values)
class keystone.identity.backends.ldap.core.RoleApi(conf)

Bases: keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = []
DEFAULT_MEMBER_ATTRIBUTE = 'roleOccupant'
DEFAULT_OBJECTCLASS = 'organizationalRole'
DEFAULT_OU = 'ou=Roles'
DEFAULT_STRUCTURAL_CLASSES = []
NotFound

alias of RoleNotFound

add_user(role_id, user_id, tenant_id=None)
attribute_mapping = {'name': 'cn'}
create(values)
delete(id)
delete_user(role_id, user_id, tenant_id)
get(id, filter=None)
get_role_assignments(tenant_id)
list_global_roles_for_user(user_id)
list_project_roles_for_user(user_id, tenant_id=None)
model

alias of Role

options_name = 'role'
roles_delete_subtree_by_project(tenant_id)
roles_delete_subtree_by_type(id, type)
update(role_id, role)
class keystone.identity.backends.ldap.core.UserApi(conf)

Bases: keystone.common.ldap.core.EnabledEmuMixIn, keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ATTRIBUTE_IGNORE = ['tenant_id', 'tenants']
DEFAULT_ID_ATTR = 'cn'
DEFAULT_OBJECTCLASS = 'inetOrgPerson'
DEFAULT_OU = 'ou=Users'
DEFAULT_STRUCTURAL_CLASSES = ['person']
NotFound

alias of UserNotFound

attribute_mapping = {'domain_id': 'domain_id', 'password': 'userPassword', 'enabled': 'enabled', 'email': 'mail', 'name': 'sn'}
check_password(user_id, password)
create(values)
delete(id)
mask_enabled_attribute(values)
model

alias of User

options_name = 'user'
update(id, values)
class keystone.identity.backends.ldap.core.UserRoleAssociation(user_id=None, role_id=None, tenant_id=None, *args, **kw)

Bases: object

Role Grant model.

Previous topic

The keystone.identity.backends.kvs Module

Next topic

The keystone.identity.backends.pam Module

This Page