On 05/16/2014 02:13 AM, Kashyap Chamarthy wrote:
[Adding Adam Young and Robert Crittenden, as they may have some
suggestions.]
On Thu, May 15, 2014 at 09:02:56AM -0700, Erich Weiler wrote:
> I second this request - I'm also extremely interested in plugging
> keystone into an existing LDAP DIT. I was hoping that I could use
> pre-existing accounts in LDAP and maybe just add some attributes or
> something along those lines for roles, tenants, etc...
>
> Is that how it works?
Pretty much: LDAP should be for Users and Groups, and the rest in SQL.
You do need service users, though, which can be an issue in some
organizations.
I haven't tried LDAP w/ Keystone yet, but here are some references that
might come in handy:
- Configuring Keystone for LDAP backend[1]
- LDAP configuration notes for Keystone from Grizzly release[2][3]
- Keystone integration w/ FreeIPA project, where Tenants and Roles are managed
  by Keystone[4]
[1] http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-...
[2] http://docs.openstack.org/grizzly/openstack-compute/admin/content/configu...
[3] http://docs.openstack.org/grizzly/openstack-compute/admin/content/referen...
[4] http://openstack.redhat.com/Keystone_integration_with_IDM
>> On May 15, 2014, at 6:54 AM, "Devine, Patrick D."
>> <PATRICK.D.DEVINE(a)leidos.com> wrote:
>>
>> All,
>>
>> I have deployed the Havana version of Openstack via Foreman. However
>> now I want to switch Keystone to utilize my LDAP server for
>> authentication vs MySQL. I have followed the instructions for
>> configuring the keystone.conf to point at my server but I haven't
>> seen any documentation on how the LDAP should be populated. For
>> example do I have to re-create all the user accounts for each
>> openstack module? I get that I need to have a people, role, and
>> project set up but there is nothing about what users are needed, how
>> they relate to the project and roles.
>>
>> Has anyone got their OpenStack working with LDAP and if so what does
>> your LDAP look like?
>>
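As an added illustration (not part of the thread, and not taken from any of the linked docs) of the split Kashyap describes, here is a Havana-era keystone.conf fragment that keeps users and groups in LDAP and leaves projects, roles and role assignments in SQL. The hostname, base DN, tree DNs and bind account are placeholders; adjust the object classes and attribute names to whatever your DIT actually uses. The read-only bind account, TLS settings and the `*_allow_*` flags are the parts a practitioner would want to get right before pointing Keystone at a production directory.

```ini
# Added example, not from the original message. Option names are the
# Havana-era [ldap] / [identity] / [assignment] options; all DNs, the
# hostname and the bind account below are assumed placeholders.

[identity]
# Users and groups come from LDAP ...
driver = keystone.identity.backends.ldap.Identity

[assignment]
# ... while projects (tenants), roles and role assignments stay in SQL.
driver = keystone.assignment.backends.sql.Assignment

[ldap]
url = ldaps://ldap.example.com
# Bind as a dedicated, read-only service account, never as the directory
# manager. Keystone only needs to search and to bind-as-user to check
# passwords; it should not be able to write anything.
user = cn=keystone-ro,ou=ServiceAccounts,dc=example,dc=com
password = <read-only bind password>
suffix = dc=example,dc=com
query_scope = sub

# Verify the directory's certificate; without this an attacker on the
# path can read every user's password as Keystone binds to check it.
use_tls = False           # False here because the URL is already ldaps://
tls_cacertfile = /etc/pki/tls/certs/ldap-ca.crt
tls_req_cert = demand

# Users: map onto the existing people tree instead of re-creating accounts.
user_tree_dn = ou=People,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = uid
user_name_attribute = uid
user_mail_attribute = mail
user_pass_attribute = userPassword
# Uncomment and adapt if your directory has an "account enabled" attribute;
# on Active Directory this is userAccountControl with user_enabled_mask = 2.
# user_enabled_attribute = enabled
# user_enabled_mask = 0
# user_enabled_default = True

# Keystone must never create, modify or delete directory entries. With these
# off, every user Keystone needs (admin plus the nova/glance/cinder/neutron/
# ... service users) has to be created in LDAP by the directory admins first.
user_allow_create = False
user_allow_update = False
user_allow_delete = False

# Groups: reuse the existing groups tree.
group_tree_dn = ou=Groups,dc=example,dc=com
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = cn
group_member_attribute = member
group_allow_create = False
group_allow_update = False
group_allow_delete = False
```

With this split the LDAP side only has to answer "who is this user and which groups are they in"; roles and the project-to-user/group mapping are created with the normal `keystone role-create` / `keystone user-role-add` commands and land in the SQL assignment tables, so nothing role- or tenant-related needs to be added to the directory schema.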