[openstack-dev] Keystone Split Backend LDAP Question

Alexius Ludeman lex at lexinator.com
Sun Aug 4 20:16:47 UTC 2013 

2.  I have a bug open on this problem:

https://bugs.launchpad.net/keystone/+bug/1205150



On Fri, Aug 2, 2013 at 3:59 PM, Miller, Mark M (EB SW Cloud - R&D -
Corvallis) <mark.m.miller at hp.com> wrote:

>  Hello,****
>
> ** **
>
> With some minor tweaking of the keystone common/ldap/core.py file, I have
> been able to authenticate and get an unscoped token for a user from an LDAP
> Enterprise Directory. I want to continue testing but I have some questions
> that need to be answered before I can continue.****
>
> ** **
>
> **1.       **Do I need to add the user from the LDAP server to the
> Keystone SQL database or will the H-2 code search the LDAP server?****
>
> **2.       **When I performed a “keystone user-list” the following log
> file entries were written indicating that keystone was attempting to get
> all the users on the massive Enterprise Directory. How do we limit this
> query to just the one user or group of users we are interested in?****
>
> ** **
>
> 2013-07-23 14:04:31    DEBUG [keystone.common.ldap.core] LDAP bind:
> dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com****
>
> 2013-07-23 14:04:32    DEBUG [keystone.common.ldap.core] In get_connection
> 6 user: cn=CloudOSKeystoneDev, ou=Applications, o=hp.com****
>
> 2013-07-23 14:04:32    DEBUG [keystone.common.ldap.core] MY query in _ldap_get_all:
> (&)****
>
>   2013-07-23 14:04:32    DEBUG [keystone.common.ldap.core] LDAP search:
> dn=ou=People,o=hp.com, scope=2, query=(&), attrs=['businessCategory',
> 'userPassword', 'hpStatus', 'mail', 'uid']****
>
> **3.       **Next I want to acquire a scoped token. How do I assign the
> LDAP user to a local project?****
>
> ** **
>
> Regards,****
>
> ** **
>
> Mark Miller****
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130804/cb841473/attachment-0001.html>

More information about the OpenStack-dev mailing list