[openstack-dev] Using AD for keystone authentication only

Avi L aviostack at gmail.com
Wed Nov 13 19:12:16 UTC 2013


I understand that the LDAP provider in keystone can be used for
authenticating a user (i.e validate username and password) , and it also
authorize it against roles and tenant. However this requires AD schema
modification. Is it possible to use AD only for authentication and then use
keystone's native database for roles and tenant lookup? The advantage is
that then we don't need to touch the enterprise AD installation.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131113/8b321fa4/attachment.html>

More information about the OpenStack-dev mailing list