ldap-config-flags do not parse LDAP/AD options correctly

Kevin, can you please provide an example of what a correct parse might look like? The standard config flags parser we use in the charms is for config files with the format used in openstack. You can see an explanation here:

http://bazaar.launchpad.net/~charm-helpers/charm-helpers/devel/view/head:/charmhelpers/contrib/openstack/context.py#L104

If the config file you are using expects a different format we will need new parser logic but I would like to understand the requirements first so if you could provide some more details and examples that would be really helpful. Thanks.

Ed, the problem is that when configuring LDAP, the value itself might be a comma delimited value (see LDAP configuration reference here --> http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html). Unfortunately, the standard charm parsing here is taking a string and using the comma as a delimter, whereas a comma should not be a valid delimiter.

As you can see here (http://bazaar.launchpad.net/~openstack-charmers/charms/precise/keystone/trunk/view/head:/config.yaml#L124) the config option clearly states that the config flags should be a comma separated list of key/value pairs and if you further check the code you'll find that it uses the standard config flag parsing logic here - which means there's no good way to specify a key such as the user_tree_dn or any of the advanced filtering & queries that can be done with an LDAP server.

I think we should consider making this optionally in the format of a yaml associative array which would allow a bit more flexibility in specifying the complex options like so.

I just confirmed this behavior. It appears that the current config flags parsing supports a list of values but not a list of key/value pairs. e.g. you can use foo=bar,baz but not one=two=three.

This change will need to happen in 2 passes, first add the code to the charm-helpers (mp pending) and secondly sync the charm-helpers code into the keystone charm and update the config.yaml indicating how to specify more advanced config options.

Ed,

What billy said is perfect. There just needs to be another way to parse
arguments that have multiple comma's and '=' in them.

------------------
Kevin Metz
Cloud Consultant
415-968-9949

On 02/19/2015 07:11 AM, Billy Olsen wrote:
> This change will need to happen in 2 passes, first add the code to the
> charm-helpers (mp pending) and secondly sync the charm-helpers code into
> the keystone charm and update the config.yaml indicating how to specify
> more advanced config options.
>
> ** Changed in: keystone (Juju Charms Collection)
> Status: Confirmed => In Progress
>
> ** Tags added: backport-potential
>

I see that it was noted this will happen in a two step process. I see the first step is done, but not the second one. Since the second step has not been completed I'm not sure this can be considered 'fix released'.

@Kevin, looks like the code actually did make it into the 15.04 release of the charms. However, you are absolutely right in that I did not properly finish documenting it in the config.yaml file for the keystone charm.

I'll update the docs for the 15.07 version of the charms, but please be advised the code is there and ready to use.

The change allows for inline yaml and would allow for you to specify inline yaml instead of key=value pairs ala:

juju set keystone ldap-config-flags="{user_tree_dn: 'ou=Users,dc=example,dc=org', user_objectclass: 'inetOrgPerson', group_tree_dn: 'ou=Groups,dc=example,dc=org', group_objectclass: 'groupOfName'}"