Table Of Contents

Previous topic

backends Package

Next topic

middleware Package

This Page

ldap Package

ldap Package

core Module

class keystone.identity.backends.ldap.core.ApiShim(conf)

Bases: object

Quick singleton-y shim to get around recursive dependencies.

NOTE(termie): this should be removed and the cross-api code should be moved into the driver itself.

role
tenant
user
class keystone.identity.backends.ldap.core.ApiShimMixin

Bases: object

Mixin to share some ApiShim code. Remove me.

role_api
tenant_api
user_api
class keystone.identity.backends.ldap.core.Identity

Bases: keystone.identity.core.Driver

add_role_to_user_and_tenant(user_id, tenant_id, role_id)
add_user_to_tenant(tenant_id, user_id)
authenticate(user_id=None, tenant_id=None, password=None)

Authenticate based on a user, tenant and password.

Expects the user object to have a password field and the tenant to be in the list of tenants on the user.

create_metadata(user_id, tenant_id, metadata)
create_role(role_id, role)
create_tenant(tenant_id, tenant)
create_user(user_id, user)
delete_role(role_id)
get_connection(user=None, password=None)
get_metadata(user_id, tenant_id)
get_role(role_id)
get_roles_for_user_and_tenant(user_id, tenant_id)
get_tenant(tenant_id)
get_tenant_by_name(tenant_name)
get_tenants_for_user(user_id)
get_user(user_id)
get_user_by_name(user_name)
update_tenant(tenant_id, tenant)
update_user(user_id, user)
class keystone.identity.backends.ldap.core.RoleApi(conf)

Bases: keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_MEMBER_ATTRIBUTE = 'roleOccupant'
DEFAULT_OBJECTCLASS = 'organizationalRole'
DEFAULT_OU = 'ou=Roles'
DEFAULT_STRUCTURAL_CLASSES = []
add_user(role_id, user_id, tenant_id=None)
attribute_mapping = {'name': 'cn'}
create(values)
get(id, filter=None)
get_by_name(name, filter=None)
get_by_service(service_id)
get_by_service_get_page(service_id, marker, limit)
get_by_service_get_page_markers(service_id, marker, limit)
get_role_assignments(tenant_id)
list_global_roles_for_user(user_id)
list_tenant_roles_for_user(user_id, tenant_id=None)
model

alias of Tenant

options_name = 'role'
rolegrant_delete(id)
rolegrant_get(id)
rolegrant_get_by_ids(user_id, role_id, tenant_id)
rolegrant_get_page(marker, limit, user_id, tenant_id)
rolegrant_get_page_markers(user_id, tenant_id, marker, limit)
rolegrant_list_by_role(id)
class keystone.identity.backends.ldap.core.TenantApi(conf)

Bases: keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ID_ATTRIBUTE = 'cn'
DEFAULT_MEMBER_ATTRIBUTE = 'member'
DEFAULT_OBJECTCLASS = 'groupOfNames'
DEFAULT_OU = 'ou=Groups'
DEFAULT_STRUCTURAL_CLASSES = []
add_user(tenant_id, user_id)
attribute_mapping = {'description': 'desc', 'name': 'ou'}
create(values)
delete(id)
get_by_name(name, filter=None)
get_role_assignments(tenant_id)
get_user_tenants(user_id)

Returns list of tenants a user has access to

Always includes default tenants.

get_users(tenant_id, role_id=None)
is_empty(id)
list_for_user_get_page(user, marker, limit)
list_for_user_get_page_markers(user, marker, limit)
model

alias of Tenant

options_name = 'tenant'
remove_user(tenant_id, user_id)
update(id, values)
class keystone.identity.backends.ldap.core.UserApi(conf)

Bases: keystone.common.ldap.core.BaseLdap, keystone.identity.backends.ldap.core.ApiShimMixin

DEFAULT_ID_ATTRIBUTE = 'cn'
DEFAULT_OBJECTCLASS = 'inetOrgPerson'
DEFAULT_OU = 'ou=Users'
DEFAULT_STRUCTURAL_CLASSES = ['person']
attribute_ignore = ['tenant_id', 'enabled', 'tenants']
attribute_mapping = {'password': 'userPassword', 'name': 'sn'}
check_password(user_id, password)
create(values)
delete(id)
get_by_email(email)
get_by_name(name, filter=None)
get_by_tenant(user_id, tenant_id)
model

alias of User

options_name = 'user'
update(id, values)
user_role_add(values)
user_roles_by_tenant(user_id, tenant_id)
users_get_by_tenant_get_page(tenant_id, role_id, marker, limit)
users_get_by_tenant_get_page_markers(tenant_id, role_id, marker, limit)
users_get_page(marker, limit)
users_get_page_markers(marker, limit)
class keystone.identity.backends.ldap.core.UserRoleAssociation(user_id=None, role_id=None, tenant_id=None, *args, **kw)

Bases: object

Role Grant model.

hints = {'maps': {'roleId': 'role_id', 'userId': 'user_id', 'tenantId': 'tenant_id'}, 'contract_attributes': ['id', 'role_id', 'user_id', 'tenant_id'], 'types': [('user_id', <type 'basestring'>), ('tenant_id', <type 'basestring'>)]}