keystone.identity.backends.ldap.core module¶

class keystone.identity.backends.ldap.core.GroupApi(conf)[source]¶

Bases: keystone.identity.backends.ldap.common.BaseLdap

DEFAULT_ID_ATTR = 'cn'¶

DEFAULT_MEMBER_ATTRIBUTE = 'member'¶

DEFAULT_OBJECTCLASS = 'groupOfNames'¶

DEFAULT_OU = 'ou=UserGroups'¶

DEFAULT_STRUCTURAL_CLASSES = []¶

NotFound¶

alias of keystone.exception.GroupNotFound

add_user(user_dn, group_id, user_id)[source]¶

attribute_options_names = {'description': 'desc', 'name': 'name'}¶

create(values)[source]¶

get_all_filtered(hints, query=None)[source]¶

get_filtered(group_id)[source]¶

get_filtered_by_name(group_name)[source]¶

immutable_attrs = ['name']¶

list_group_users(group_id)[source]¶

Return a list of user dns which are members of a group.

list_user_groups(user_dn)[source]¶

Return a list of groups for which the user is a member.

list_user_groups_filtered(user_dn, hints)[source]¶

Return a filtered list of groups for which the user is a member.

model¶

alias of keystone.identity.backends.ldap.models.Group

options_name = 'group'¶

update(group_id, values)[source]¶

class keystone.identity.backends.ldap.core.Identity(conf=None)[source]¶

Bases: keystone.identity.backends.base.IdentityDriverBase

add_user_to_group(user_id, group_id)[source]¶

Add a user to a group.

Parameters:	user_id (str) – User ID. group_id (str) – Group ID.
Raises:	keystone.exception.UserNotFound – If the user doesn’t exist. keystone.exception.GroupNotFound – If the group doesn’t exist.

authenticate(user_id, password)[source]¶

Authenticate a given user and password.

Parameters:	user_id (str) – User ID password (str) – Password
Returns:	user. See user schema in IdentityDriverBase.
Return type:	dict
Raises:	AssertionError – If user or password is invalid.

change_password(user_id, new_password)[source]¶

Self-service password change.

Parameters:	user_id (str) – User ID. new_password (str) – New password.
Raises:	keystone.exception.UserNotFound – If the user doesn’t exist. keystone.exception.PasswordValidation – If password fails validation

check_user_in_group(user_id, group_id)[source]¶

Check if a user is a member of a group.

Parameters:	user_id (str) – User ID. group_id (str) – Group ID.
Raises:	keystone.exception.NotFound – If the user is not a member of the group. keystone.exception.UserNotFound – If the user doesn’t exist. keystone.exception.GroupNotFound – If the group doesn’t exist.

create_group(group_id, group)[source]¶

Create a new group.

Parameters:	group_id (str) – group ID. The driver can ignore this value. group (dict) – group info. See group schema in IdentityDriverBase.
Returns:	group, matching the group schema.
Return type:	dict
Raises:	keystone.exception.Conflict – If a duplicate group exists.

create_user(user_id, user)[source]¶

Create a new user.

Parameters:	user_id (str) – user ID. The driver can ignore this value. user (dict) – user info. See user schema in IdentityDriverBase.
Returns:	user, matching the user schema. The driver should not return the password.
Return type:	dict
Raises:	keystone.exception.Conflict – If a duplicate user exists.

delete_group(group_id)[source]¶

Delete an existing group.

Parameters:	group_id (str) – Group ID.
Raises:	keystone.exception.GroupNotFound – If the group doesn’t exist.

delete_user(user_id)[source]¶

Delete an existing user.

Raises:	keystone.exception.UserNotFound – If the user doesn’t exist.

generates_uuids()[source]¶

Indicate if Driver generates UUIDs as the local entity ID.

get_group(group_id)[source]¶

Get a group by ID.

Parameters:	group_id (str) – group ID.
Returns:	group info. See group schema in IdentityDriverBase
Return type:	dict
Raises:	keystone.exception.GroupNotFound – If the group doesn’t exist.

get_group_by_name(group_name, domain_id)[source]¶

Get a group by name.

Parameters:	group_name (str) – group name. domain_id (str) – domain ID.
Returns:	group info. See group schema in IdentityDriverBase.
Return type:	dict
Raises:	keystone.exception.GroupNotFound – If the group doesn’t exist.

get_user(user_id)[source]¶

Get a user by ID.

Parameters:	user_id (str) – User ID.
Returns:	user. See user schema in IdentityDriverBase.
Return type:	dict
Raises:	keystone.exception.UserNotFound – If the user doesn’t exist.

get_user_by_name(user_name, domain_id)[source]¶

Get a user by name.

Returns:	user_ref
Raises:	keystone.exception.UserNotFound – If the user doesn’t exist.

is_domain_aware()[source]¶

Indicate if the driver supports domains.

list_groups(hints)[source]¶

List groups in the system.

Parameters:	hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
Returns:	a list of group_refs or an empty list. See group schema in IdentityDriverBase.

list_groups_for_user(user_id, hints)[source]¶

List groups a user is in.

Parameters:	user_id (str) – the user in question hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
Returns:	a list of group_refs or an empty list. See group schema in IdentityDriverBase.
Raises:	keystone.exception.UserNotFound – If the user doesn’t exist.

list_users(hints)[source]¶

List users in the system.

Parameters:	hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
Returns:	a list of users or an empty list. See user schema in IdentityDriverBase.
Return type:	list of dict

list_users_in_group(group_id, hints)[source]¶

List users in a group.

Parameters:	group_id (str) – the group in question hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
Returns:	a list of users or an empty list. See user schema in IdentityDriverBase.
Return type:	list of dict
Raises:	keystone.exception.GroupNotFound – If the group doesn’t exist.

remove_user_from_group(user_id, group_id)[source]¶

Remove a user from a group.

Parameters:	user_id (str) – User ID. group_id (str) – Group ID.
Raises:	keystone.exception.NotFound – If the user is not in the group.

unset_default_project_id(project_id)[source]¶

Unset a user’s default project given a specific project ID.

Parameters:	project_id (str) – project ID

update_group(group_id, group)[source]¶

Update an existing group.

Parameters:	group_id (str) – Group ID. group (dict) – Group modification. See group schema in IdentityDriverBase. Required properties cannot be removed.
Returns:	group, matching the group schema.
Return type:	dict
Raises:	keystone.exception.GroupNotFound – If the group doesn’t exist. keystone.exception.Conflict – If a duplicate group exists.

update_user(user_id, user)[source]¶

Update an existing user.

Parameters:	user_id (str) – User ID. user (dict) – User modification. See user schema in IdentityDriverBase. Properties set to None will be removed. Required properties cannot be removed.
Returns:	user. See user schema in IdentityDriverBase.
Raises:	keystone.exception.UserNotFound – If the user doesn’t exist. keystone.exception.Conflict – If a duplicate user exists in the same domain.

class keystone.identity.backends.ldap.core.UserApi(conf)[source]¶

Bases: keystone.identity.backends.ldap.common.EnabledEmuMixIn, keystone.identity.backends.ldap.common.BaseLdap

DEFAULT_ID_ATTR = 'cn'¶

DEFAULT_OBJECTCLASS = 'inetOrgPerson'¶

DEFAULT_OU = 'ou=Users'¶

DEFAULT_STRUCTURAL_CLASSES = ['person']¶

NotFound¶

alias of keystone.exception.UserNotFound

attribute_options_names = {'default_project_id': 'default_project_id', 'description': 'description', 'email': 'mail', 'enabled': 'enabled', 'name': 'name', 'password': 'pass'}¶

create(values)[source]¶

filter_attributes(user)[source]¶

get(user_id, ldap_filter=None)[source]¶

get_all(ldap_filter=None, hints=None)[source]¶

get_all_filtered(hints)[source]¶

get_filtered(user_id)[source]¶

immutable_attrs = ['id']¶

is_user(dn)[source]¶

Return True if the entry is a user.

mask_enabled_attribute(values)[source]¶

model¶

alias of keystone.identity.backends.ldap.models.User

options_name = 'user'¶

update(user_id, values, old_obj=None)[source]¶