[Kimchi-devel] [RFC] LDAP integration in kimchi

LDAP supports connect to it (bind) for authentication, usr/group/role add/delete for authorization. For kimchi-LDAP integration we need to address following issues: 1. LDAP set up scripts for kimchi: We need to add initial users: guest, admin; roles: netadmin, hostadmin, guestadmin in LDAP server. Adding these schema for user maybe a burden, we may supply a script to init LDAP server configuration 2. Configuration of using LDAP: Configured to use PAM/LDAP, Connecting to a dedicate LDAP server address(As we may use an LDAP to store information of clustered machine, address can be modified). If this LDAP server does not exist, ask user if they want to setup one, and help them with setup scripts. For this release just support one LDAP per host. 3. Module for LDAP operation wrapping: A dedicate module to encapsulate LDAP operations, such as bind/unbind, adding, deleting, query groups/roles. 4. authentication: We need to abstract authenticate class to be compatible with both PAM and LDAP, and call bind/unbind to implement authentication. 5. authorization: Abstract authentication module to distiguish PAM and LDAP, user name still from cherrypy session, when using LDAP, user/role information are all retrieved from LDAP server. 6. user/role maintenance: Manipulate LDAP to add user, delete user, authorize user with a role, add role/delete role, and so on. This part will not be covered in this release.