keystone.identity.backends.ldap.core module

class keystone.identity.backends.ldap.core.GroupApi(conf)

Bases: keystone.identity.backends.ldap.common.BaseLdap

DEFAULT_ID_ATTR = 'cn'
DEFAULT_MEMBER_ATTRIBUTE = 'member'
DEFAULT_OBJECTCLASS = 'groupOfNames'
DEFAULT_OU = 'ou=UserGroups'
DEFAULT_STRUCTURAL_CLASSES = []
NotFound

alias of keystone.exception.GroupNotFound

add_user(user_dn, group_id, user_id)
attribute_options_names = {'description': 'desc', 'name': 'name'}
create(values)
get_all_filtered(hints, query=None)
get_filtered(group_id)
get_filtered_by_name(group_name)
immutable_attrs = ['name']
list_group_users(group_id)

Return a list of user dns which are members of a group.

list_user_groups(user_dn)

Return a list of groups for which the user is a member.

list_user_groups_filtered(user_dn, hints)

Return a filtered list of groups for which the user is a member.

model

alias of keystone.identity.backends.ldap.models.Group

options_name = 'group'
update(group_id, values)

class keystone.identity.backends.ldap.core.Identity(conf=None)

Bases: keystone.identity.backends.base.IdentityDriverBase

add_user_to_group(user_id, group_id)

Add a user to a group.

Parameters
  • user_id (str) – User ID.

  • group_id (str) – Group ID.

Raises
authenticate(user_id, password)

Authenticate a given user and password.

Parameters
  • user_id (str) – User ID

  • password (str) – Password

Returns

user. See user schema in IdentityDriverBase.

Return type

dict

Raises

AssertionError – If user or password is invalid.

change_password(user_id, new_password)

Self-service password change.

Parameters
  • user_id (str) – User ID.

  • new_password (str) – New password.

Raises
check_user_in_group(user_id, group_id)

Check if a user is a member of a group.

Parameters
  • user_id (str) – User ID.

  • group_id (str) – Group ID.

Raises
create_group(group_id, group)

Create a new group.

Parameters
  • group_id (str) – group ID. The driver can ignore this value.

  • group (dict) – group info. See group schema in IdentityDriverBase.

Returns

group, matching the group schema.

Return type

dict

Raises

keystone.exception.Conflict – If a duplicate group exists.

create_user(user_id, user)

Create a new user.

Parameters
  • user_id (str) – user ID. The driver can ignore this value.

  • user (dict) – user info. See user schema in IdentityDriverBase.

Returns

user, matching the user schema. The driver should not return the password.

Return type

dict

Raises

keystone.exception.Conflict – If a duplicate user exists.

delete_group(group_id)

Delete an existing group.

Parameters

group_id (str) – Group ID.

Raises

keystone.exception.GroupNotFound – If the group doesn’t exist.

delete_user(user_id)

Delete an existing user.

Raises

keystone.exception.UserNotFound – If the user doesn’t exist.

generates_uuids()

Indicate if Driver generates UUIDs as the local entity ID.

get_group(group_id)

Get a group by ID.

Parameters

group_id (str) – group ID.

Returns

group info. See group schema in IdentityDriverBase.

Return type

dict

Raises

keystone.exception.GroupNotFound – If the group doesn’t exist.

get_group_by_name(group_name, domain_id)

Get a group by name.

Parameters
  • group_name (str) – group name.

  • domain_id (str) – domain ID.

Returns

group info. See group schema in IdentityDriverBase.

Return type

dict

Raises

keystone.exception.GroupNotFound – If the group doesn’t exist.

get_user(user_id)

Get a user by ID.

Parameters

user_id (str) – User ID.

Returns

user. See user schema in IdentityDriverBase.

Return type

dict

Raises

keystone.exception.UserNotFound – If the user doesn’t exist.

get_user_by_name(user_name, domain_id)

Get a user by name.

Returns

user_ref

Raises

keystone.exception.UserNotFound – If the user doesn’t exist.

is_domain_aware()

Indicate if the driver supports domains.

list_groups(hints)

List groups in the system.

Parameters

hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.

Returns

a list of group_refs or an empty list. See group schema in IdentityDriverBase.

list_groups_for_user(user_id, hints)

List groups a user is in.

Parameters
Returns

a list of group_refs or an empty list. See group schema in IdentityDriverBase.

Raises

keystone.exception.UserNotFound – If the user doesn’t exist.

list_users(hints)

List users in the system.

Parameters

hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.

Returns

a list of users or an empty list. See user schema in IdentityDriverBase.

Return type

list of dict

list_users_in_group(group_id, hints)

List users in a group.

Parameters
Returns

a list of users or an empty list. See user schema in IdentityDriverBase.

Return type

list of dict

Raises

keystone.exception.GroupNotFound – If the group doesn’t exist.

remove_user_from_group(user_id, group_id)

Remove a user from a group.

Parameters
  • user_id (str) – User ID.

  • group_id (str) – Group ID.

Raises

keystone.exception.NotFound – If the user is not in the group.

reset_last_active()

Resets null last_active_at values.

This method looks for all users in the database that have a null value for last_updated_at and resets that value to the current time.

unset_default_project_id(project_id)

Unset a user’s default project given a specific project ID.

Parameters

project_id (str) – project ID

update_group(group_id, group)

Update an existing group.

Parameters
  • group_id (str) – Group ID.

  • group (dict) – Group modification. See group schema in IdentityDriverBase. Required properties cannot be removed.

Returns

group, matching the group schema.

Return type

dict

Raises
update_user(user_id, user)

Update an existing user.

Parameters
  • user_id (str) – User ID.

  • user (dict) – User modification. See user schema in IdentityDriverBase. Properties set to None will be removed. Required properties cannot be removed.

Returns

user. See user schema in IdentityDriverBase.

Raises

class keystone.identity.backends.ldap.core.UserApi(conf)

Bases: keystone.identity.backends.ldap.common.EnabledEmuMixIn, keystone.identity.backends.ldap.common.BaseLdap

DEFAULT_ID_ATTR = 'cn'
DEFAULT_OBJECTCLASS = 'inetOrgPerson'
DEFAULT_OU = 'ou=Users'
DEFAULT_STRUCTURAL_CLASSES = ['person']
NotFound

alias of keystone.exception.UserNotFound

attribute_options_names = {'default_project_id': 'default_project_id', 'description': 'description', 'email': 'mail', 'enabled': 'enabled', 'name': 'name', 'password': 'pass'}
create(values)
filter_attributes(user)
get(user_id, ldap_filter=None)
get_all(ldap_filter=None, hints=None)
get_all_filtered(hints)
get_filtered(user_id)
immutable_attrs = ['id']
is_user(dn)

Return True if the entry is a user.

mask_enabled_attribute(values)
model

alias of keystone.identity.backends.ldap.models.User

options_name = 'user'
update(user_id, values, old_obj=None)