[Rdo-list] LDAP configuration

Kashyap Chamarthy kchamart at redhat.com
Fri May 16 06:13:39 UTC 2014


[Adding Adam Young and Robert Crittenden, as they may have some
suggestions.]

On Thu, May 15, 2014 at 09:02:56AM -0700, Erich Weiler wrote:
> I second this request - I'm also extremely interested in plugging
> keystone into an existing LDAP DIT.  I was hoping that I could use
> pre-existing accounts in LDAP and maybe just add some attributes or
> something along those lines for roles, tenants, etc...
> 
> Is that how it works?

I haven't tried LDAP w/ Keystone yet, but here are some references that
might come in handy:

 - Configuring Keystone for LDAP backend[1]
 - LDAP configuration notes for Keystone from Grizzly release[2][3]
 - Keystone integration w/ FreeIPA project where Tenants and Roles are
   managed by Keystone[4]


  [1] http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html
  [2] http://docs.openstack.org/grizzly/openstack-compute/admin/content/configuring-keystone-for-ldap-backend.html
  [3] http://docs.openstack.org/grizzly/openstack-compute/admin/content/reference-for-ldap-config-options.html
  [4] http://openstack.redhat.com/Keystone_integration_with_IDM

> 
> > On May 15, 2014, at 6:54 AM, "Devine, Patrick D."
> > <PATRICK.D.DEVINE at leidos.com> wrote:
> > 
> > All,
> > 
> > I have deployed the Havana version of Openstack via Foreman. However
> > now I want to switch Keystone to utilize my LDAP server for
> > authentication vs MySQL. I have followed the instructions for
> > configuring the keystone.conf to point at my server but I haven't
> > seen any documentation on how the LDAP should be populated. For
> > example do I have to re-create all the user accounts for each
> > openstack module? I get that I need to have a people, role, and
> > project set up but there is nothing about what users are needed, how
> > they relate to the project and roles. 
> > 
> > Has anyone got their Openstack working with LDAP and if so what does
> > your ldap look like?
> > 


-- 
/kashyap



