[Adding Adam Young and Robert Crittenden, as they may have some
suggestions.]

On Thu, May 15, 2014 at 09:02:56AM -0700, Erich Weiler wrote:
> I second this request - I'm also extremely interested in plugging
> keystone into an existing LDAP DIT.  I was hoping that I could use
> pre-existing accounts in LDAP and maybe just add some attributes or
> something along those lines for roles, tenants, etc...
>
> Is that how it works?

I haven't tried LDAP w/ Keystone yet, but here are some references that
might come in handy:

 - Configuring Keystone for LDAP backend[1]
 - LDAP configuration notes for Keystone from Grizzly release[2][3]
 - Keystone integration w/ FreeIPA project where Tenants and Roles are
   managed by Keystone[4]

  [1] http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-...
  [2] http://docs.openstack.org/grizzly/openstack-compute/admin/content/configu...
  [3] http://docs.openstack.org/grizzly/openstack-compute/admin/content/referen...
  [4] http://openstack.redhat.com/Keystone_integration_with_IDM
 
> > On May 15, 2014, at 6:54 AM, "Devine, Patrick D."
> > <PATRICK.D.DEVINE(a)leidos.com> wrote:
> >
> > All,
> >
> > I have deployed the Havana version of Openstack via Foreman. However
> > now I want to switch Keystone to utilize my LDAP server for
> > authentication vs MySQL. I have followed the instructions for
> > configuring the keystone.conf to point at my server but I haven't
> > seen any documentation on how the LDAP should be populated. For
> > example do I have to re-create all the user accounts for each
> > openstack module? I get that I need to have a people, role, and
> > project set up but there is nothing about what users are needed, how
> > they relate to the project and roles.
> >
> > Has anyone got their Openstack working with LDAP and if so what does
> > your LDAP look like?
> >
-- 
/kashyap