Use object creation templates for creation of users, tenants, etc.
Rather than hardcoding the objectclasses and attributes used to create users, tenants, roles, etc., we should use templates in which keystone administrators specify how they'd like the objects created. For instance, here's a YAML example for a user:
user_template:
  objectclasses:
    - inetorgperson
    - posixuser
    - top
  attributes:
    - uid: {{ id }}
    - cn: {{ name }}
    - sn: {{ id }}
    - uidNumber: {{ extension:
    - homeDirectory: /home/{{ id }}
    - accountShell: /bin/bash
Template files would be placed in /etc/keystone/
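As an added illustration (not code from Keystone or from this blueprint), the sketch below renders such a template into the objectclasses and attributes for a new entry, and validates the substituted values first because the id ends up in a filesystem path. The names render_entry, USER_TEMPLATE and SAFE_ID and the id character set are assumptions; the template is a constructed copy that leaves out the uidNumber line, whose placeholder is cut off above.

```python
import re

# Constructed copy of the blueprint's user template. The uidNumber line is
# omitted because its placeholder is cut off on the page.
USER_TEMPLATE = {
    "objectclasses": ["inetorgperson", "posixuser", "top"],
    "attributes": {
        "uid": "{{ id }}",
        "cn": "{{ name }}",
        "sn": "{{ id }}",
        "homeDirectory": "/home/{{ id }}",
        "accountShell": "/bin/bash",
    },
}

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")
# Assumption: ids use a conservative charset, because the template puts the
# id into a filesystem path (homeDirectory).
SAFE_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def render_entry(template, values):
    """Return (objectclasses, attributes) for a new entry; ValueError on bad input."""
    if not SAFE_ID.fullmatch(str(values.get("id", ""))):
        raise ValueError("id is not safe to place in uid/homeDirectory")
    for key, value in values.items():
        if any(ord(ch) < 32 for ch in str(value)):
            raise ValueError(f"control character in field: {key}")

    def substitute(match):
        key = match.group(1)
        if key not in values:
            raise ValueError(f"template references unknown field: {key}")
        return str(values[key])

    attributes = {}
    for attr, pattern in template["attributes"].items():
        # Braces left over once well-formed placeholders are removed mean the
        # template itself is malformed (for example an unclosed "{{ id").
        leftover = PLACEHOLDER.sub("", pattern)
        if "{{" in leftover or "}}" in leftover:
            raise ValueError(f"malformed placeholder in template attribute: {attr}")
        attributes[attr] = PLACEHOLDER.sub(substitute, pattern)
    return list(template["objectclasses"]), attributes
```

Substituted values are inserted literally and never re-scanned, so a name that itself contains braces cannot introduce a new placeholder.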
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: None
- Direction: Needs approval
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by:
- Completed by: Morgan Fainberg
Whiteboard
(morganfainberg): This type of optimization on how LDAP is handled can be repurposed once we know the direction of the LDAP backends (e.g. SSSD, split for read-only vs read-write). For now I'm going to mark this as obsolete.