[Rdo-list] LDAP configuration
Adam Young
ayoung at redhat.com
Tue May 20 03:39:16 UTC 2014
On 05/16/2014 02:13 AM, Kashyap Chamarthy wrote:
> [Adding Adam Young and Robert Crittenden, as they may have some
> suggestions.]
>
> On Thu, May 15, 2014 at 09:02:56AM -0700, Erich Weiler wrote:
>> I second this request - I'm also extremely interested in plugging
>> keystone into an existing LDAP DIT. I was hoping that I could use
>> pre-existing accounts in LDAP and maybe just add some attributes or
>> something along those lines for roles, tenants, etc...
>>
>> Is that how it works?
Pretty much: LDAP should be for Users and Groups, and the rest in SQL.
You do need service users, though, which can be an issue in some
organizations.
> I haven't tried LDAP w/ Keystone yet, but here are some references that
> might come in handy:
>
> - Configuring Keystone for LDAP backend[1]
> - LDAP configuration notes for Keystone from Grizzly release[2][3]
> - Keystone integration w/ FreeIPA project where Tenants, and Roles are managed
> by Keystone
>
>
> [1] http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html
> [2] http://docs.openstack.org/grizzly/openstack-compute/admin/content/configuring-keystone-for-ldap-backend.html
> [3] http://docs.openstack.org/grizzly/openstack-compute/admin/content/reference-for-ldap-config-options.html
> [4] http://openstack.redhat.com/Keystone_integration_with_IDM
>
>>> On May 15, 2014, at 6:54 AM, "Devine, Patrick D."
>>> <PATRICK.D.DEVINE at leidos.com> wrote:
>>>
>>> All,
>>>
>>> I have deployed the Havana version of Openstack via Foreman. However
>>> now I want to switch Keystone to utilize my LDAP server for
>>> authentication vs MySQL. I have followed the instructions for
>>> configuring the keystone.conf to point at my server but I haven't
>>> seen any documentation on how the LDAP should be populated. For
>>> example do I have to re-create all the user accounts for each
>>> openstack module? I get that I need to have a people, role, and
>>> project set up but there is nothing about what users are needed, how
>>> they relate to the project and roles.
>>>
>>> Has anyone got their Openstack working with LDAP and if so what does
>>> you ldap look like?
>>>
>
More information about the dev
mailing list