Merge lp:~rlane/nova/ldapimprovements into lp:~hudson-openstack/nova/trunk

Proposed by Ryan Lane
Status: Merged
Approved by: Eric Day
Approved revision: 388
Merged at revision: 429
Proposed branch: lp:~rlane/nova/ldapimprovements
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 271 lines (+132/-109)
5 files modified
nova/auth/nova_openldap.schema (+84/-0)
nova/auth/nova_sun.schema (+16/-0)
nova/auth/openssh-lpk_openldap.schema (+19/-0)
nova/auth/openssh-lpk_sun.schema (+10/-0)
nova/auth/slap.sh (+3/-109)
To merge this branch: bzr merge lp:~rlane/nova/ldapimprovements
Reviewer Review Type Date Requested Status
Eric Day (community) Approve
Jay Pipes (community) Approve
Review via email: mp+40993@code.launchpad.net

Description of the change

Moving the openldap schema out of nova.sh into its own files, and adding sun (opends/opendj/sun directory server/fedora ds) schema files

Revision history for this message
Jay Pipes (jaypipes) wrote :

wow, this reminds me of just how much I hate LDAP :) But your code looks good regardless of my opinion of the technology!

review: Approve
lp:~rlane/nova/ldapimprovements updated
385. By Ryan Lane <laner@controller>

Merge from trunk

386. By Ryan Lane <laner@controller>

Adding support for modification only of user accounts.

387. By Ryan Lane <laner@controller>

Setting "name" back to "cn", since id and name should be separate

388. By Ryan Lane <laner@controller>

This modification should have occured in a different branch. Reverting.

Revision history for this message
Eric Day (eday) wrote :

lgtm!

review: Approve

Preview Diff

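--- a/nova/auth/nova_openldap.schema
+++ b/nova/auth/nova_openldap.schema
@@ -0,0 +1,84 @@
+#
+# Person object for Nova
+# inetorgperson with extra attributes
+# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
+#
+#
+
+# using internet experimental oid arc as per BP64 3.1
+objectidentifier novaSchema 1.3.6.1.3.1.666.666
+objectidentifier novaAttrs novaSchema:3
+objectidentifier novaOCs novaSchema:4
+
+attributetype (
+ novaAttrs:1
+ NAME 'accessKey'
+ DESC 'Key for accessing data'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype (
+ novaAttrs:2
+ NAME 'secretKey'
+ DESC 'Secret key'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype (
+ novaAttrs:3
+ NAME 'keyFingerprint'
+ DESC 'Fingerprint of private key'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype (
+ novaAttrs:4
+ NAME 'isAdmin'
+ DESC 'Is user an administrator?'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE
+ )
+
+attributetype (
+ novaAttrs:5
+ NAME 'projectManager'
+ DESC 'Project Managers of a project'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ )
+
+objectClass (
+ novaOCs:1
+ NAME 'novaUser'
+ DESC 'access and secret keys'
+ AUXILIARY
+ MUST ( uid )
+ MAY ( accessKey $ secretKey $ isAdmin )
+ )
+
+objectClass (
+ novaOCs:2
+ NAME 'novaKeyPair'
+ DESC 'Key pair for User'
+ SUP top
+ STRUCTURAL
+ MUST ( cn $ sshPublicKey $ keyFingerprint )
+ )
+
+objectClass (
+ novaOCs:3
+ NAME 'novaProject'
+ DESC 'Container for project'
+ SUP groupOfNames
+ STRUCTURAL
+ MUST ( cn $ projectManager )
+ )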
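Review bot: `secretKey` (novaAttrs:2) is declared as an ordinary directory string with caseIgnoreMatch and caseIgnoreSubstringsMatch, so the credential sits in the directory in clear and is matchable by prefix like any other attribute; nova_sun.schema carries the same definition. Nothing in the schema limits who may read it, so the slapd.conf that slap.sh writes after its hunk ends should carry an `access to attrs=secretKey` rule granting read only to the identity nova binds as and denying everyone else, and the SUBSTR rule can be dropped since a secret is never usefully matched by substring. Separately, `projectManager` (novaAttrs:5) uses the DN syntax but has no EQUALITY rule, so an equality filter on it evaluates as undefined on OpenLDAP; adding `EQUALITY distinguishedNameMatch` makes lookups by manager DN work. The DESC on `keyFingerprint` says 'Fingerprint of private key', but a fingerprint is computed over the public key, so `DESC 'Fingerprint of public key'` would be accurate.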
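--- a/nova/auth/nova_sun.schema
+++ b/nova/auth/nova_sun.schema
@@ -0,0 +1,16 @@
+#
+# Person object for Nova
+# inetorgperson with extra attributes
+# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
+# Modified for strict RFC 4512 compatibility by: Ryan Lane <ryan@ryandlane.com>
+#
+# using internet experimental oid arc as per BP64 3.1
+dn: cn=schema
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.1 NAME 'accessKey' DESC 'Key for accessing data' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.2 NAME 'secretKey' DESC 'Secret key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.3 NAME 'keyFingerprint' DESC 'Fingerprint of private key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.4 NAME 'isAdmin' DESC 'Is user an administrator?' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.5 NAME 'projectManager' DESC 'Project Managers of a project' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+objectClasses: ( 1.3.6.1.3.1.666.666.4.1 NAME 'novaUser' DESC 'access and secret keys' SUP top AUXILIARY MUST ( uid ) MAY ( accessKey $ secretKey $ isAdmin ) )
+objectClasses: ( 1.3.6.1.3.1.666.666.4.2 NAME 'novaKeyPair' DESC 'Key pair for User' SUP top STRUCTURAL MUST ( cn $ sshPublicKey $ keyFingerprint ) )
+objectClasses: ( 1.3.6.1.3.1.666.666.4.3 NAME 'novaProject' DESC 'Container for project' SUP groupOfNames STRUCTURAL MUST ( cn $ projectManager ) )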
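Review bot: The `novaUser` class on line 14 is declared `SUP top AUXILIARY`, while the OpenLDAP form of the same OID in nova_openldap.schema has no SUP clause, and line 11 ends with `SINGLE-VALUE)` where every other definition puts a space before the closing parenthesis. The two files define the same OIDs for two server families and will be edited in parallel, so they should stay textually aligned so that an entry valid on one server type is valid on the other. A header comment naming the counterpart would make that expectation explicit, e.g. `# Keep in sync with nova_openldap.schema: same OIDs, LDIF form for Sun-style directory servers.`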
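--- a/nova/auth/openssh-lpk_openldap.schema
+++ b/nova/auth/openssh-lpk_openldap.schema
@@ -0,0 +1,19 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <eau@phear.org>
+#
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+ DESC 'MANDATORY: OpenSSH Public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MAY ( sshPublicKey $ uid )
+ )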
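--- a/nova/auth/openssh-lpk_sun.schema
+++ b/nova/auth/openssh-lpk_sun.schema
@@ -0,0 +1,10 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <eau@phear.org>
+#
+# Schema for Sun Directory Server.
+# Based on the original schema, modified by Stefan Fischer.
+#
+dn: cn=schema
+attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MAY ( sshPublicKey $ uid ) )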
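--- a/nova/auth/slap.sh
+++ b/nova/auth/slap.sh
@@ -20,115 +20,9 @@
 
 apt-get install -y slapd ldap-utils python-ldap
 
-cat >/etc/ldap/schema/openssh-lpk_openldap.schema <<LPK_SCHEMA_EOF
-#
-# LDAP Public Key Patch schema for use with openssh-ldappubkey
-# Author: Eric AUGE <eau@phear.org>
-#
-# Based on the proposal of : Mark Ruijter
-#
-
-
-# octetString SYNTAX
-attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
- DESC 'MANDATORY: OpenSSH Public key'
- EQUALITY octetStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
-# printableString SYNTAX yes|no
-objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
- DESC 'MANDATORY: OpenSSH LPK objectclass'
- MAY ( sshPublicKey $ uid )
- )
-LPK_SCHEMA_EOF
-
-cat >/etc/ldap/schema/nova.schema <<NOVA_SCHEMA_EOF
-#
-# Person object for Nova
-# inetorgperson with extra attributes
-# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
-#
-#
-
-# using internet experimental oid arc as per BP64 3.1
-objectidentifier novaSchema 1.3.6.1.3.1.666.666
-objectidentifier novaAttrs novaSchema:3
-objectidentifier novaOCs novaSchema:4
-
-attributetype (
- novaAttrs:1
- NAME 'accessKey'
- DESC 'Key for accessing data'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE
- )
-
-attributetype (
- novaAttrs:2
- NAME 'secretKey'
- DESC 'Secret key'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE
- )
-
-attributetype (
- novaAttrs:3
- NAME 'keyFingerprint'
- DESC 'Fingerprint of private key'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE
- )
-
-attributetype (
- novaAttrs:4
- NAME 'isAdmin'
- DESC 'Is user an administrator?'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE
- )
-
-attributetype (
- novaAttrs:5
- NAME 'projectManager'
- DESC 'Project Managers of a project'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- )
-
-objectClass (
- novaOCs:1
- NAME 'novaUser'
- DESC 'access and secret keys'
- AUXILIARY
- MUST ( uid )
- MAY ( accessKey $ secretKey $ isAdmin )
- )
-
-objectClass (
- novaOCs:2
- NAME 'novaKeyPair'
- DESC 'Key pair for User'
- SUP top
- STRUCTURAL
- MUST ( cn $ sshPublicKey $ keyFingerprint )
- )
-
-objectClass (
- novaOCs:3
- NAME 'novaProject'
- DESC 'Container for project'
- SUP groupOfNames
- STRUCTURAL
- MUST ( cn $ projectManager )
- )
-
-NOVA_SCHEMA_EOF
+abspath=`dirname "$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"`
+cp $abspath/openssh-lpk_openldap.schema /etc/ldap/schema/openssh-lpk_openldap.schema
+cp $abspath/nova_openldap.schema /etc/ldap/schema/nova_openldap.schema
 
 mv /etc/ldap/slapd.conf /etc/ldap/slapd.conf.orig
 cat >/etc/ldap/slapd.conf <<SLAPD_CONF_EOF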
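Review bot: The two new `cp` lines expand `$abspath` unquoted and never check the result, so a checkout path containing whitespace splits the argument and a failed copy is ignored while the script goes on to replace /etc/ldap/slapd.conf regardless. Quoting and failing fast covers both: `cp "$abspath/openssh-lpk_openldap.schema" /etc/ldap/schema/ || exit 1` and the same for nova_openldap.schema, or `install -m 0644` in place of `cp` if the file modes of the source tree should not be carried into /etc/ldap/schema. The removed heredoc wrote /etc/ldap/schema/nova.schema, whereas the copy now lands at nova_openldap.schema; if the slapd.conf heredoc that starts on the hunk's last line still has an `include` for nova.schema, slapd will fail to load the schema, so that include line (outside this hunk) is worth checking. The `abspath` expression also silences a failing `cd` with `2>/dev/null`, which turns a wrong fallback path into a silent one; the `|| exit 1` on the copies catches that case too.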