X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=blobdiff_plain;f=3rdparty%2Fmodules%2Fkeystone%2Fexamples%2Fldap_identity.pp;fp=3rdparty%2Fmodules%2Fkeystone%2Fexamples%2Fldap_identity.pp;h=41272c52f1485fae3ecfa6152e57bddafadeab4d;hp=0000000000000000000000000000000000000000;hb=b8fa2c1a5ec9dbcd1d2f9e9b41afdde4c603aa35;hpb=b7626cbcbb2fb8e7ce3dc5ac60e80a981175f9d3
diff --git a/3rdparty/modules/keystone/examples/ldap_identity.pp b/3rdparty/modules/keystone/examples/ldap_identity.pp
new file mode 100644
index 00000000..41272c52
--- /dev/null
+++ b/3rdparty/modules/keystone/examples/ldap_identity.pp
@@ -0,0 +1,28 @@
+# Example using LDAP to manage user identity only.
+# This setup will not allow changes to users.
+
+# Ensure this matches what is in LDAP or keystone will try to recreate
+# the admin user
+class { 'keystone::roles::admin':
+ email => 'test@example.com',
+ password => 'ChangeMe',
+}
+
+# You can test this connection with ldapsearch first to ensure it works.
+# This was tested against a FreeIPA box, you will likely need to change the
+# attributes to match your configuration.
+class { 'keystone:ldap':
+ identity_driver => 'keystone.identity.backends.ldap.Identity',
+ url => 'ldap://ldap.example.com:389',
+ user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',
+ password => 'SecretPass',
+ suffix => 'dc=example,dc=com',
+ query_scope => 'sub',
+ user_tree_dn => 'cn=users,cn=accounts,dc=example,dc=com',
+ user_id_attribute => 'uid',
+ user_name_attribute => 'uid',
+ user_mail_attribute => 'mail',
+ user_allow_create => 'False',
+ user_allow_update => 'False',
+ user_allow_delete => 'False'
+}
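Review bot: The second declaration is written `class { 'keystone:ldap':` with a single colon, which will not resolve to the module's LDAP class; it should read `class { 'keystone::ldap':`, matching the `keystone::roles::admin` form a few lines above. The `url` is `ldap://ldap.example.com:389`, so anyone copying the example sends the bind DN and its `password` to the directory without transport encryption; an `ldaps://` URL, or a comment stating that TLS is required outside a test lab, would make the example safe to copy. Both `password` lines (`'ChangeMe'` and `'SecretPass'`) would benefit from a comment such as `# placeholder only - supply the real value from encrypted hiera data, never commit it`. Because the file lives under 3rdparty/, these corrections probably belong upstream as well as in this tree.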