Merge lp:~rlane/nova/ldapimprovements into lp:~hudson-openstack/nova/trunk

Proposed by Ryan Lane
Status: Merged
Approved by: Eric Day
Approved revision: 388
Merged at revision: 429
Proposed branch: lp:~rlane/nova/ldapimprovements
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 271 lines (+132/-109)
5 files modified
nova/auth/nova_openldap.schema (+84/-0)
nova/auth/nova_sun.schema (+16/-0)
nova/auth/openssh-lpk_openldap.schema (+19/-0)
nova/auth/openssh-lpk_sun.schema (+10/-0)
nova/auth/slap.sh (+3/-109)
To merge this branch: bzr merge lp:~rlane/nova/ldapimprovements
Reviewer Review Type Date Requested Status
Eric Day (community) Approve
Jay Pipes (community) Approve
Review via email: mp+40993@code.launchpad.net

Description of the change

Moving the openldap schema out of nova.sh into its own files, and adding sun (opends/opendj/sun directory server/fedora ds) schema files

Revision history for this message
Jay Pipes (jaypipes) wrote :

wow, this reminds me of just how much I hate LDAP :) But your code looks good regardless of my opinion of the technology!

review: Approve
lp:~rlane/nova/ldapimprovements updated
385. By Ryan Lane <laner@controller>

Merge from trunk

386. By Ryan Lane <laner@controller>

Adding support for modification only of user accounts.

387. By Ryan Lane <laner@controller>

Setting "name" back to "cn", since id and name should be separate

388. By Ryan Lane <laner@controller>

This modification should have occurred in a different branch. Reverting.

Revision history for this message
Eric Day (eday) wrote :

lgtm!

review: Approve

Preview Diff

1=== added file 'nova/auth/nova_openldap.schema'
2--- nova/auth/nova_openldap.schema 1970-01-01 00:00:00 +0000
3+++ nova/auth/nova_openldap.schema 2010-11-26 17:05:36 +0000
4@@ -0,0 +1,84 @@
5+#
6+# Person object for Nova
7+# inetorgperson with extra attributes
8+# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
9+#
10+#
11+
12+# using internet experimental oid arc as per BP64 3.1
13+objectidentifier novaSchema 1.3.6.1.3.1.666.666
14+objectidentifier novaAttrs novaSchema:3
15+objectidentifier novaOCs novaSchema:4
16+
17+attributetype (
18+ novaAttrs:1
19+ NAME 'accessKey'
20+ DESC 'Key for accessing data'
21+ EQUALITY caseIgnoreMatch
22+ SUBSTR caseIgnoreSubstringsMatch
23+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
24+ SINGLE-VALUE
25+ )
26+
27+attributetype (
28+ novaAttrs:2
29+ NAME 'secretKey'
30+ DESC 'Secret key'
31+ EQUALITY caseIgnoreMatch
32+ SUBSTR caseIgnoreSubstringsMatch
33+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
34+ SINGLE-VALUE
35+ )
36+
37+attributetype (
38+ novaAttrs:3
39+ NAME 'keyFingerprint'
40+ DESC 'Fingerprint of private key'
41+ EQUALITY caseIgnoreMatch
42+ SUBSTR caseIgnoreSubstringsMatch
43+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
44+ SINGLE-VALUE
45+ )
46+
47+attributetype (
48+ novaAttrs:4
49+ NAME 'isAdmin'
50+ DESC 'Is user an administrator?'
51+ EQUALITY booleanMatch
52+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
53+ SINGLE-VALUE
54+ )
55+
56+attributetype (
57+ novaAttrs:5
58+ NAME 'projectManager'
59+ DESC 'Project Managers of a project'
60+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
61+ )
62+
63+objectClass (
64+ novaOCs:1
65+ NAME 'novaUser'
66+ DESC 'access and secret keys'
67+ AUXILIARY
68+ MUST ( uid )
69+ MAY ( accessKey $ secretKey $ isAdmin )
70+ )
71+
72+objectClass (
73+ novaOCs:2
74+ NAME 'novaKeyPair'
75+ DESC 'Key pair for User'
76+ SUP top
77+ STRUCTURAL
78+ MUST ( cn $ sshPublicKey $ keyFingerprint )
79+ )
80+
81+objectClass (
82+ novaOCs:3
83+ NAME 'novaProject'
84+ DESC 'Container for project'
85+ SUP groupOfNames
86+ STRUCTURAL
87+ MUST ( cn $ projectManager )
88+ )
89
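Review bot: `projectManager` (novaAttrs:5) is declared with DN syntax 1.3.6.1.4.1.1466.115.121.1.12 but no EQUALITY rule, so an equality filter such as (projectManager=<dn>) cannot be evaluated by slapd; add `EQUALITY distinguishedNameMatch`. Two smaller points in the same hunk: `secretKey` is given caseIgnoreMatch and caseIgnoreSubstringsMatch, which lets any bind DN with search rights on that attribute probe it one prefix at a time with substring filters, so drop the SUBSTR rule (and EQUALITY if nothing needs to search on it) and pair the attribute with a restrictive ACL in the slapd.conf that slap.sh writes; and the DESC on `keyFingerprint` reads 'Fingerprint of private key', but an SSH fingerprint is a hash of the public key, which is the value novaKeyPair stores in sshPublicKey, so 'Fingerprint of public key' is the accurate wording.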
90=== added file 'nova/auth/nova_sun.schema'
91--- nova/auth/nova_sun.schema 1970-01-01 00:00:00 +0000
92+++ nova/auth/nova_sun.schema 2010-11-26 17:05:36 +0000
93@@ -0,0 +1,16 @@
94+#
95+# Person object for Nova
96+# inetorgperson with extra attributes
97+# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
98+# Modified for strict RFC 4512 compatibility by: Ryan Lane <ryan@ryandlane.com>
99+#
100+# using internet experimental oid arc as per BP64 3.1
101+dn: cn=schema
102+attributeTypes: ( 1.3.6.1.3.1.666.666.3.1 NAME 'accessKey' DESC 'Key for accessing data' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
103+attributeTypes: ( 1.3.6.1.3.1.666.666.3.2 NAME 'secretKey' DESC 'Secret key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
104+attributeTypes: ( 1.3.6.1.3.1.666.666.3.3 NAME 'keyFingerprint' DESC 'Fingerprint of private key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
105+attributeTypes: ( 1.3.6.1.3.1.666.666.3.4 NAME 'isAdmin' DESC 'Is user an administrator?' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
106+attributeTypes: ( 1.3.6.1.3.1.666.666.3.5 NAME 'projectManager' DESC 'Project Managers of a project' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
107+objectClasses: ( 1.3.6.1.3.1.666.666.4.1 NAME 'novaUser' DESC 'access and secret keys' SUP top AUXILIARY MUST ( uid ) MAY ( accessKey $ secretKey $ isAdmin ) )
108+objectClasses: ( 1.3.6.1.3.1.666.666.4.2 NAME 'novaKeyPair' DESC 'Key pair for User' SUP top STRUCTURAL MUST ( cn $ sshPublicKey $ keyFingerprint ) )
109+objectClasses: ( 1.3.6.1.3.1.666.666.4.3 NAME 'novaProject' DESC 'Container for project' SUP groupOfNames STRUCTURAL MUST ( cn $ projectManager ) )
110
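Review bot: the two dialects of the same schema already drift: `novaUser` carries `SUP top` here but not in nova_openldap.schema, and `projectManager` again has DN syntax with no EQUALITY rule, so equality searches on it will not work on Sun DS/OpenDS either; add `EQUALITY distinguishedNameMatch` in both files and keep the objectclass definitions identical. This file also references sshPublicKey in novaKeyPair, so it can only be loaded after openssh-lpk_sun.schema; since both files target `dn: cn=schema`, state that load order in the header comment. Minor: the keyFingerprint line ends in `SINGLE-VALUE)` while every other definition has a space before the closing paren.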
111=== added file 'nova/auth/openssh-lpk_openldap.schema'
112--- nova/auth/openssh-lpk_openldap.schema 1970-01-01 00:00:00 +0000
113+++ nova/auth/openssh-lpk_openldap.schema 2010-11-26 17:05:36 +0000
114@@ -0,0 +1,19 @@
115+#
116+# LDAP Public Key Patch schema for use with openssh-ldappubkey
117+# Author: Eric AUGE <eau@phear.org>
118+#
119+# Based on the proposal of : Mark Ruijter
120+#
121+
122+
123+# octetString SYNTAX
124+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
125+ DESC 'MANDATORY: OpenSSH Public key'
126+ EQUALITY octetStringMatch
127+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
128+
129+# printableString SYNTAX yes|no
130+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
131+ DESC 'MANDATORY: OpenSSH LPK objectclass'
132+ MAY ( sshPublicKey $ uid )
133+ )
134
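Review bot: the comment `# printableString SYNTAX yes|no` above the objectclass describes an attribute that does not exist in this file (nothing here has printableString syntax or a yes|no value), so it should be dropped or replaced with a line that says what ldapPublicKey actually provides. Otherwise this is the upstream LPK schema moved out of the slap.sh heredoc unchanged, which is the right thing to do; note that nova_openldap.schema's novaKeyPair lists sshPublicKey under MUST, so this file has to be included before it in slapd.conf.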
135=== added file 'nova/auth/openssh-lpk_sun.schema'
136--- nova/auth/openssh-lpk_sun.schema 1970-01-01 00:00:00 +0000
137+++ nova/auth/openssh-lpk_sun.schema 2010-11-26 17:05:36 +0000
138@@ -0,0 +1,10 @@
139+#
140+# LDAP Public Key Patch schema for use with openssh-ldappubkey
141+# Author: Eric AUGE <eau@phear.org>
142+#
143+# Schema for Sun Directory Server.
144+# Based on the original schema, modified by Stefan Fischer.
145+#
146+dn: cn=schema
147+attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
148+objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MAY ( sshPublicKey $ uid ) )
149
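Review bot: the header credits the Sun modifications to Stefan Fischer but gives no source for where this variant was taken from; add a URL or package name so the file can be re-synced with upstream later. The attribute and objectclass definitions match openssh-lpk_openldap.schema line for line, which is what we want, and since nova_sun.schema depends on sshPublicKey being defined here, this is the file that must be loaded first; say so in the header.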
150=== modified file 'nova/auth/slap.sh'
151--- nova/auth/slap.sh 2010-07-15 15:52:11 +0000
152+++ nova/auth/slap.sh 2010-11-26 17:05:36 +0000
153@@ -20,115 +20,9 @@
154
155 apt-get install -y slapd ldap-utils python-ldap
156
157-cat >/etc/ldap/schema/openssh-lpk_openldap.schema <<LPK_SCHEMA_EOF
158-#
159-# LDAP Public Key Patch schema for use with openssh-ldappubkey
160-# Author: Eric AUGE <eau@phear.org>
161-#
162-# Based on the proposal of : Mark Ruijter
163-#
164-
165-
166-# octetString SYNTAX
167-attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
168- DESC 'MANDATORY: OpenSSH Public key'
169- EQUALITY octetStringMatch
170- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
171-
172-# printableString SYNTAX yes|no
173-objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
174- DESC 'MANDATORY: OpenSSH LPK objectclass'
175- MAY ( sshPublicKey $ uid )
176- )
177-LPK_SCHEMA_EOF
178-
179-cat >/etc/ldap/schema/nova.schema <<NOVA_SCHEMA_EOF
180-#
181-# Person object for Nova
182-# inetorgperson with extra attributes
183-# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
184-#
185-#
186-
187-# using internet experimental oid arc as per BP64 3.1
188-objectidentifier novaSchema 1.3.6.1.3.1.666.666
189-objectidentifier novaAttrs novaSchema:3
190-objectidentifier novaOCs novaSchema:4
191-
192-attributetype (
193- novaAttrs:1
194- NAME 'accessKey'
195- DESC 'Key for accessing data'
196- EQUALITY caseIgnoreMatch
197- SUBSTR caseIgnoreSubstringsMatch
198- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
199- SINGLE-VALUE
200- )
201-
202-attributetype (
203- novaAttrs:2
204- NAME 'secretKey'
205- DESC 'Secret key'
206- EQUALITY caseIgnoreMatch
207- SUBSTR caseIgnoreSubstringsMatch
208- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
209- SINGLE-VALUE
210- )
211-
212-attributetype (
213- novaAttrs:3
214- NAME 'keyFingerprint'
215- DESC 'Fingerprint of private key'
216- EQUALITY caseIgnoreMatch
217- SUBSTR caseIgnoreSubstringsMatch
218- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
219- SINGLE-VALUE
220- )
221-
222-attributetype (
223- novaAttrs:4
224- NAME 'isAdmin'
225- DESC 'Is user an administrator?'
226- EQUALITY booleanMatch
227- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
228- SINGLE-VALUE
229- )
230-
231-attributetype (
232- novaAttrs:5
233- NAME 'projectManager'
234- DESC 'Project Managers of a project'
235- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
236- )
237-
238-objectClass (
239- novaOCs:1
240- NAME 'novaUser'
241- DESC 'access and secret keys'
242- AUXILIARY
243- MUST ( uid )
244- MAY ( accessKey $ secretKey $ isAdmin )
245- )
246-
247-objectClass (
248- novaOCs:2
249- NAME 'novaKeyPair'
250- DESC 'Key pair for User'
251- SUP top
252- STRUCTURAL
253- MUST ( cn $ sshPublicKey $ keyFingerprint )
254- )
255-
256-objectClass (
257- novaOCs:3
258- NAME 'novaProject'
259- DESC 'Container for project'
260- SUP groupOfNames
261- STRUCTURAL
262- MUST ( cn $ projectManager )
263- )
264-
265-NOVA_SCHEMA_EOF
266+abspath=`dirname "$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"`
267+cp $abspath/openssh-lpk_openldap.schema /etc/ldap/schema/openssh-lpk_openldap.schema
268+cp $abspath/nova_openldap.schema /etc/ldap/schema/nova_openldap.schema
269
270 mv /etc/ldap/slapd.conf /etc/ldap/slapd.conf.orig
271 cat >/etc/ldap/slapd.conf <<SLAPD_CONF_EOF
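Review bot: the Nova schema destination changes from /etc/ldap/schema/nova.schema to /etc/ldap/schema/nova_openldap.schema, but the slapd.conf heredoc that follows is not touched in this diff; if it still contains `include /etc/ldap/schema/nova.schema`, slapd will fail to start after this change, so update that include line in the same branch. Also quote the expansion, as in `cp "$abspath/nova_openldap.schema" /etc/ldap/schema/nova_openldap.schema`: abspath is derived from $0, and a checkout path containing a space breaks the unquoted form. Finally, neither cp is checked, so a missing or unreadable schema file is silently followed by the slapd.conf rewrite; append `|| exit 1` to each cp (or test for the files up front) so the failure is visible before the original config is moved aside.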