[openstack-dev] Using AD for keystone authentication only
Avi L
aviostack at gmail.com
Wed Nov 13 21:08:40 UTC 2013
Oh ok so in this case how does the Active Directory user gets a id , and
how do you map the user to a role? Is there any example you can point me
to?
On Wed, Nov 13, 2013 at 11:24 AM, Dolph Mathews <dolph.mathews at gmail.com>wrote:
> Yes, that's the preferred approach in Havana: Users and Groups via LDAP,
> and everything else via SQL.
>
>
> On Wednesday, November 13, 2013, Avi L wrote:
>
>> Hi,
>>
>> I understand that the LDAP provider in keystone can be used for
>> authenticating a user (i.e validate username and password) , and it also
>> authorize it against roles and tenant. However this requires AD schema
>> modification. Is it possible to use AD only for authentication and then use
>> keystone's native database for roles and tenant lookup? The advantage is
>> that then we don't need to touch the enterprise AD installation.
>>
>> Thanks
>> Al
>>
>
>
> --
>
> -Dolph
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131113/017242a4/attachment.html>
More information about the OpenStack-dev
mailing list