[Adding Adam Young and Robert Crittenden, as they may have some
suggestions.]

On Thu, May 15, 2014 at 09:02:56AM -0700, Erich Weiler wrote:
> I second this request - I'm also extremely interested in plugging
> keystone into an existing LDAP DIT. I was hoping that I could use
> pre-existing accounts in LDAP and maybe just add some attributes or
> something along those lines for roles, tenants, etc...
>
> Is that how it works?

I haven't tried LDAP w/ Keystone yet, but here are some references that
might come in handy:
- Configuring Keystone for LDAP backend[1]
- LDAP configuration notes for Keystone from Grizzly release[2][3]
- Keystone integration w/ FreeIPA project where Tenants and Roles are
  managed by Keystone

[1] http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-...
[2] http://docs.openstack.org/grizzly/openstack-compute/admin/content/configu...
[3] http://docs.openstack.org/grizzly/openstack-compute/admin/content/referen...
[4] http://openstack.redhat.com/Keystone_integration_with_IDM

> On May 15, 2014, at 6:54 AM, "Devine, Patrick D."
> <PATRICK.D.DEVINE(a)leidos.com> wrote:
>
> All,
>
> I have deployed the Havana version of OpenStack via Foreman. However,
> now I want to switch Keystone to utilize my LDAP server for
> authentication vs MySQL. I have followed the instructions for
> configuring the keystone.conf to point at my server but I haven't
> seen any documentation on how the LDAP should be populated. For
> example, do I have to re-create all the user accounts for each
> OpenStack module? I get that I need to have a people, role, and
> project set up but there is nothing about what users are needed, how
> they relate to the project and roles.
>
> Has anyone got their OpenStack working with LDAP, and if so, what does
> your LDAP look like?
>
--
/kashyap