From f41024e4b0b39f4b2d5d6bdb4873010f2e625b42 Mon Sep 17 00:00:00 2001
From: Brad Topol
Date: Tue, 19 Feb 2013 15:36:41 -0600
Subject: [PATCH] Fixes Bug1130377 devstack ldap set values in keystone.conf Addressed reviewers comments and added some extra properties needed by latest version of keystone. This fix sets some needed values in keystone.conf to ensure that keystone can add entries to LDAP and remain schema compliant. It creates a new special role (_member_) that is needed by the latest version of keystone and also fixes tenant_id to be tenantId.
Change-Id: Ia2a1ebb7cbedb0af106c74aa9181843cc9739f5d
---
 files/ldap/openstack.ldif | 5 +++++
 lib/keystone | 10 ++++++++++
 2 files changed, 15 insertions(+)
diff --git a/files/ldap/openstack.ldif b/files/ldap/openstack.ldif
index 287fda4521..00c9861d6d 100644
--- a/files/ldap/openstack.ldif
+++ b/files/ldap/openstack.ldif
@@ -19,3 +19,8 @@ ou: Roles
 dn: ou=Projects,dc=openstack,dc=org
 objectClass: organizationalUnit
 ou: Projects
+
+dn: cn=9fe2ff9ee4384b1894a90878d3e92bab,ou=Roles,dc=openstack,dc=org
+objectClass: organizationalRole
+ou: _member_
+cn: 9fe2ff9ee4384b1894a90878d3e92bab
diff --git a/lib/keystone b/lib/keystone
index 866c62e165..a1a57f83bd 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -99,6 +99,16 @@ function configure_keystone() {
 iniset $KEYSTONE_CONF ldap password $LDAP_PASSWORD
 iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org"
 iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org"
+ iniset $KEYSTONE_CONF ldap use_dumb_member "True"
+ iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId"
+ iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled"
+ iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory"
+ iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"
+ iniset $KEYSTONE_CONF ldap tenant_tree_dn "ou=Projects,dc=openstack,dc=org"
+ iniset $KEYSTONE_CONF ldap user_domain_id_attribute "businessCategory"
+ iniset $KEYSTONE_CONF ldap user_tree_dn "ou=Users,dc=openstack,dc=org"
+ iniset $KEYSTONE_CONF DEFAULT member_role_id "9fe2ff9ee4384b1894a90878d3e92bab"
+ iniset $KEYSTONE_CONF DEFAULT member_role_name "_member_"
 fi

 if [[ "$KEYSTONE_IDENTITY_BACKEND" == "ldap" ]]; then
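Review bot: Putting `enabled` into both `user_attribute_ignore` and `tenant_attribute_ignore` probably means that disabling a user or tenant through keystone is never written to the directory, so a disabled account would keep authenticating against this backend; that is inferred from the option names rather than from anything visible in the hunk, so please confirm. A comment above those two lines would make the trade-off explicit, for example `# 'enabled' has no attribute in this schema, so disabling users/tenants is not persisted in LDAP`. Separately, `member_role_id` repeats the `cn` added in files/ldap/openstack.ldif; a comment such as `# must match the _member_ role cn in files/ldap/openstack.ldif` would keep the two from drifting apart. configure_keystone starts and ends outside the hunk.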