
Re: [Rdo-list] LDAP configuration



On 05/16/2014 02:13 AM, Kashyap Chamarthy wrote:
[Adding Adam Young and Robert Crittenden, as they may have some
suggestions.]

On Thu, May 15, 2014 at 09:02:56AM -0700, Erich Weiler wrote:
I second this request - I'm also extremely interested in plugging
keystone into an existing LDAP DIT.  I was hoping that I could use
pre-existing accounts in LDAP and maybe just add some attributes or
something along those lines for roles, tenants, etc...

Is that how it works?

Pretty much:  LDAP should be for Users and Groups, and the rest in SQL.

You do need service users, though, which can be an issue in some organizations.
I haven't tried LDAP w/ Keystone yet, but here are some references that
might come in handy:

  - Configuring Keystone for LDAP backend[1]
  - LDAP configuration notes for Keystone from Grizzly release[2][3]
  - Keystone integration w/ FreeIPA project where Tenants and Roles are managed
    by Keystone[4]


   [1] http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html
   [2] http://docs.openstack.org/grizzly/openstack-compute/admin/content/configuring-keystone-for-ldap-backend.html
   [3] http://docs.openstack.org/grizzly/openstack-compute/admin/content/reference-for-ldap-config-options.html
   [4] http://openstack.redhat.com/Keystone_integration_with_IDM

On May 15, 2014, at 6:54 AM, "Devine, Patrick D."
<PATRICK D DEVINE leidos com> wrote:

All,

I have deployed the Havana version of Openstack via Foreman. However
now I want to switch Keystone to utilize my LDAP server for
authentication vs MySQL. I have followed the instructions for
configuring the keystone.conf to point at my server but I haven't
seen any documentation on how the LDAP should be populated. For
example do I have to re-create all the user accounts for each
openstack module? I get that I need to have a people, role, and
project set up but there is nothing about what users are needed, how
they relate to the project and roles.

Has anyone got their Openstack working with LDAP and if so what does
your ldap look like?
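
The split described in the reply above (users and groups in LDAP, the rest in SQL), written out as an added example that is not part of the original thread. It assumes Havana/Icehouse-era driver paths; every hostname, DN, file path and the password are placeholders.

```ini
# keystone.conf fragment: identity from an existing LDAP DIT, assignment in SQL.
# All hostnames, DNs, paths and credentials below are placeholders.

[identity]
# Users and groups are read from the existing directory.
driver = keystone.identity.backends.ldap.Identity

[assignment]
# Projects (tenants), roles and role assignments stay in the SQL database,
# so no extra attributes or subtrees are needed in LDAP for them.
driver = keystone.assignment.backends.sql.Assignment

[ldap]
# ldaps:// keeps bind credentials and user passwords off the wire in clear text.
url = ldaps://ldap.example.com
tls_cacertfile = /etc/pki/tls/certs/example-ca.pem
tls_req_cert = demand

# Low-privilege bind account that only needs search/read access.
user = uid=keystone-bind,cn=sysaccounts,dc=example,dc=com
password = CHANGE_ME
suffix = dc=example,dc=com

user_tree_dn = ou=people,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = uid
user_name_attribute = uid
# Keystone treats the directory as read-only.
user_allow_create = False
user_allow_update = False
user_allow_delete = False

group_tree_dn = ou=groups,dc=example,dc=com
group_objectclass = groupOfNames
group_allow_create = False
group_allow_update = False
group_allow_delete = False
```

With a single identity backend like this, the service users mentioned in the reply are looked up in the same place as everyone else, so they need entries under `user_tree_dn`.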



