[openstack-dev] Using AD for keystone authentication only
Dolph Mathews
dolph.mathews at gmail.com
Wed Nov 13 19:24:21 UTC 2013
Yes, that's the preferred approach in Havana: Users and Groups via LDAP,
and everything else via SQL.
On Wednesday, November 13, 2013, Avi L wrote:
> Hi,
>
> I understand that the LDAP provider in keystone can be used for
> authenticating a user (i.e validate username and password) , and it also
> authorize it against roles and tenant. However this requires AD schema
> modification. Is it possible to use AD only for authentication and then use
> keystone's native database for roles and tenant lookup? The advantage is
> that then we don't need to touch the enterprise AD installation.
>
> Thanks
> Al
>
--
-Dolph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131113/d677cc0c/attachment.html>
More information about the OpenStack-dev
mailing list