<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks guys, this is the way we will
make progress. <br>
<br>
This is absolutely the kind of thing that should be on the
openstack-dev list, in case you were reluctant to put it there.<br>
<br>
On 09/13/2012 08:33 AM, Jose Castro Leon wrote:<br>
</div>
<blockquote
cite="mid:248A2D277CB6E34992A0902A839C1E5D64F46C07@CERNXCHG01.cern.ch"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<base href="x-msg://10175/">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I
am already in touch with him
</span><span style="font-size:11.0pt;font-family:Wingdings">J</span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Bugs
already submitted to do some configuration changes, I will
upload the patches as soon as possible<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://bugs.launchpad.net/keystone/+bug/1050398">https://bugs.launchpad.net/keystone/+bug/1050398</a><o:p></o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://bugs.launchpad.net/keystone/+bug/1050400">https://bugs.launchpad.net/keystone/+bug/1050400</a><o:p></o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://bugs.launchpad.net/keystone/+bug/1050401">https://bugs.launchpad.net/keystone/+bug/1050401</a><o:p></o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://bugs.launchpad.net/keystone/+bug/1050402">https://bugs.launchpad.net/keystone/+bug/1050402</a><o:p></o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://bugs.launchpad.net/keystone/+bug/1050406">https://bugs.launchpad.net/keystone/+bug/1050406</a><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Kind
regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-family:"Calibri","sans-serif""
lang="ES">Jose Castro Leon<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""
lang="ES">CERN IT-OIS-IN tel:
+41.22.76.74272<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">
mob: +41.76.48.79222<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">
fax: +41.22.76.67955<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">Office:
31-R-021 CH-1211 Geneve 23<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">email:
<span style="color:#1F497D"><a moz-do-not-send="true"
href="mailto:jose.castro.leon@cern.ch"><span
style="color:#1F497D">jose.castro.leon@cern.ch</span></a></span><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Alessandro Pilotti
[<a class="moz-txt-link-freetext" href="mailto:apilotti@cloudbasesolutions.com">mailto:apilotti@cloudbasesolutions.com</a>]
<br>
<b>Sent:</b> 13 September 2012 14:21<br>
<b>To:</b> Jose Castro Leon<br>
<b>Cc:</b> Peter Pouliot; Luis Fernandez Alvarez; Adam
Young<br>
<b>Subject:</b> Re: Keystone AD integration<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi Jose,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">great! I add in copy Adam, which is the
author of the Keystone LDAP module. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks for sharing!<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black">Alessandro
Pilotti<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
class="apple-style-span"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black">Cloudbase
Solutions Srl</span></span><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black"><br>
<span class="apple-style-span">-------------------------------------</span><br>
<span class="apple-style-span">MVP <a
moz-do-not-send="true"
href="http://ASP.Net">ASP.Net</a> / IIS</span><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
class="apple-style-span"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black">Windows
Azure Insider</span></span><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black"><br>
<span class="apple-style-span">Red Hat
Certified Engineer </span><br>
<span class="apple-style-span">-------------------------------------</span><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black"><br>
<br>
<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black"><br>
<br>
</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Sep 13, 2012, at 14:52 , Jose Castro
Leon <<a moz-do-not-send="true"
href="mailto:jose.castro.leon@cern.ch">jose.castro.leon@cern.ch</a>><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I
managed to get it working with the standard LDAP
module. In such module there is more configuration</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">that
is hardcoded and needs a refactor. I am preparing the
changes to send them to upstream, it should</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">be
easy as I am extracting configuration parameters to
keystone configuration file, I will create the</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">appropriate
bugs in Launchpad to do so (with the appropriate
fixes).</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The
schema is the default schema that comes with Windows
2008 (standard schema + services for unix)</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The
only configuration change was modifying a parameter on
the class organizationalRole to allow to</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">have
groupOfNames as a superior.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">A
simplified view of the schema used by the application
is the following:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Users<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
--> demo_user (user)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Tenants<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
--> My Tenant (groupOfNames)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
| @member(demo_user)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
--> member (organizationalRole)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
@roleOccupant (demo_user)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Roles<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
--> member (organizationalRole)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">In
() class of the object<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
@ attribute of the object<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I
point users to the standard users in AD, and create 2
different OUs for store the tenants and the roles.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">As
a summary, we have everything of the backend related
to user, tenant and role operations available.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">It
seems also that in a large scale scenario it needs a
rework, but it will change substantially and maybe
will</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">not
be available soon</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Kind
regards,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><b><span
style="font-family:"Calibri","sans-serif""
lang="ES">Jose Castro Leon</span></b><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif""
lang="ES">CERN IT-OIS-IN
tel: +41.22.76.74272</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">
mob: +41.76.48.79222</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">
fax: +41.22.76.67955</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">Office:
31-R-021 CH-1211 Geneve 23</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif"">email:<span
class="apple-converted-space"> </span><span
style="color:#1F497D"><a moz-do-not-send="true"
href="mailto:jose.castro.leon@cern.ch"><span
style="color:#1F497D">jose.castro.leon@cern.ch</span></a></span></span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<div>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
class="apple-converted-space"><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> </span></span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Alessandro
Pilotti [<a class="moz-txt-link-freetext" href="mailto:apilotti@">mailto:apilotti@</a><a moz-do-not-send="true"
href="http://cloudbasesolutions.com">cloudbasesolutions.com</a>]<span
class="apple-converted-space"> </span><br>
<b>Sent:</b><span class="apple-converted-space"> </span>13
September 2012 13:37<br>
<b>To:</b><span class="apple-converted-space"> </span>Jose
Castro Leon<br>
<b>Cc:</b><span class="apple-converted-space"> </span>Peter
Pouliot; Luis Fernandez Alvarez<br>
<b>Subject:</b><span class="apple-converted-space"> </span>Keystone
AD integration</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">Hi Jose,<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">Lous told us that you are working
on Keystone LDAP Active directory integration, which
is also on our TODO list.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">Would it be possible for you to
share with us your progress and if possible the LDAP
attribute mapping you used?<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">Thanks!<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif"">Alessandro
Pilotti</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span
class="apple-style-span"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif"">Cloudbase
Solutions Srl</span></span><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif""><br>
<span class="apple-style-span">-------------------------------------</span><br>
<span class="apple-style-span">MVP</span><span
class="apple-converted-space"> </span><span
class="apple-style-span"><a
moz-do-not-send="true"
href="http://ASP.Net"><span
style="color:purple">ASP.Net</span></a></span><span
class="apple-converted-space"> </span><span
class="apple-style-span">/ IIS</span></span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span
class="apple-style-span"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif"">Windows
Azure Insider</span></span><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif""><br>
<span class="apple-style-span">Red Hat
Certified Engineer </span><br>
<span class="apple-style-span">-------------------------------------</span></span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif""><br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif""> </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif""> </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif""> </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif""><br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>