Re: [openstack-dev] extending keystone identity

2014-01-28 Thread Dolph Mathews
or of authentication. list_users() should only called by the administrative API. > > I appreciate the help -- I know these are likely silly questions to > seasoned keystone developers. > > > > -- > From: dolph.math...@gmail.com > Date: Mon, 27 Jan 2014 22:35:18 -0600 > > To: ope

Re: [openstack-dev] extending keystone identity

2014-01-28 Thread Simon Perfer
me more complex authentication projects we have coming down the pipe. Date: Tue, 28 Jan 2014 15:42:29 -0500 From: ayo...@redhat.com To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] extending keystone identity Use two separate domains for them. Make the userids be

Re: [openstack-dev] extending keystone identity

2014-01-28 Thread Adam Young
Use two separate domains for them. Make the userids be "uuid@domainid" to be able distinguish one from the other. On 01/27/2014 04:27 PM, Simon Perfer wrote: I'm looking to create a simple Identity driver that will look at usernames. A small number of specific users should be authenticated by

Re: [openstack-dev] extending keystone identity

2014-01-28 Thread Simon Perfer
e are likely silly questions to seasoned keystone developers. From: dolph.math...@gmail.com Date: Mon, 27 Jan 2014 22:35:18 -0600 To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] extending keystone identity >From your original email, it sounds like you want to extend the e

Re: [openstack-dev] extending keystone identity

2014-01-27 Thread Dolph Mathews
ee the "my authenticate module loaded" in the log > > > I would appreciate any help in figuring out what I'm missing. Thanks! > > > > -- > From: simon.per...@hotmail.com > To: openstack-dev@lists.openstack.org > Date: Mon, 27 Ja

Re: [openstack-dev] extending keystone identity

2014-01-27 Thread Simon Perfer
rom: simon.per...@hotmail.com To: openstack-dev@lists.openstack.org Date: Mon, 27 Jan 2014 21:58:43 -0500 Subject: Re: [openstack-dev] extending keystone identity Dolph, I appreciate the response and pointing me in the right direction. Here's what I have so far: CONF = config.CONF LOG

Re: [openstack-dev] extending keystone identity

2014-01-27 Thread Simon Perfer
. Any thoughts on why I'm not hitting this method? From: dolph.math...@gmail.com Date: Mon, 27 Jan 2014 18:14:50 -0600 To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] extending keystone identity _check_password() is a private/internal API, so we make no guarantees about it&

Re: [openstack-dev] extending keystone identity

2014-01-27 Thread Dolph Mathews
_check_password() is a private/internal API, so we make no guarantees about it's stability. Instead, override the public authenticate() method with something like this: def authenticate(self, user_id, password, domain_scope=None): if user_id in SPECIAL_LIST_OF_USERS: # compa

[openstack-dev] extending keystone identity

2014-01-27 Thread Simon Perfer
I'm looking to create a simple Identity driver that will look at usernames. A small number of specific users should be authenticated by looking at a hard-coded password in keystone.conf, while any other users should fall back to LDAP authentication. I based my original driver on what's found her