[Rdo-list] RDO with Red Hat IDM
msolberg at redhat.com
Thu May 30 21:13:59 UTC 2013
I've spent a day or two now trying to use Red Hat IDM as a backing store
for Keystone in RDO and I'm about to pull my hair out.
I started with Adam Young's blog post here:
Then I watched his Summit video here:
Then I tried to follow this document:
I definitely ran into the domain_id problem described here:
I also ran into the issue around the RFC 4519 schema not allowing a
"enabled" attribute. I think I've mitigated this by setting the
"attribute_ignore" settings in keystone.conf.
I've tried tackling the architecture from a few different directions and
I've gotten to the point where I can create roles, create tenants, and
list users in my IDM domain, but not assign roles to users. I think
this is because I'm trying to separate out the tenants and roles from
the users in the directory tree. I don't mind keystone creating objects
in its own tree, but I don't want it updating user accounts from IDM.
Has anyone gotten this configuration working? I'm willing to wade
through details, but I'm curious if someone else has this working and I
could just replicate their setup.
Principal Architect, Red Hat, Inc.