<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hello,</p>
<p><br>
</p>
<p>You can use multi-domain authentication.</p>
<p><br>
</p>
<p>One using LDAP and another one using the database.</p>
<p><br>
</p>
<p><a href="https://docs.openstack.org/keystone/latest/admin/configuration.html">https://docs.openstack.org/keystone/latest/admin/configuration.html</a></p>
<p><br>
</p>
<p>Best regards,</p>
<p><span id="ms-rterangepaste-end">Romain</span><br>
</p>
<div style="word-wrap:break-word; line-break:after-white-space">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> Amjad Kotobi &lt;kotobi@dkrz.de&gt;<br>
<b>Sent:</b> Wednesday, May 20, 2020 2:41 PM<br>
<b>To:</b> openstack-discuss@lists.openstack.org<br>
<b>Subject:</b> [keystone][ldap]</font>
<div> </div>
</div>
<div>Hi all,
<div class=""><br class="">
</div>
<div class="">I’m integrating Keystone with LDAP, and I have “service accounts”, e.g. Nova, Keystone, etc., which are in the database.</div>
<div class="">As soon as I connect it to LDAP, all authentication fails. How can I have both “service accounts” and “LDAP users” connected to Keystone?</div>
<div class=""><br class="">
</div>
<div class="">Here is my keystone.conf </div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">###################</div>
<div class="">
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">[ldap]</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'; min-height:14px"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">url = ldap://XXXXX</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">user = uid=XXX,cn=sysaccounts,cn=etc,dc=XXX,dc=de</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">password = dkrzprox</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">user_tree_dn = cn=users,cn=accounts,dc=XXX,dc=de</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">user_objectclass = posixAccount</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">user_id_attribute = uid</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">user_name_attribute = uid</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">user_allow_create = false</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">user_allow_update = false</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">user_allow_delete = false</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_tree_dn = cn=groups,cn=accounts,dc=XXX,dc=de</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_objectclass = groupOfNames</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_id_attribute = cn</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_name_attribute = cn</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_member_attribute = member</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_desc_attribute = description</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_allow_create = false</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_allow_update = false</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">group_allow_delete = false</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">use_pool = true</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">use_auth_pool = true</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">debug_level = 4095</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">query_scope = sub</div>
</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal; font-family:'Helvetica Neue'">
<div class="" style="margin:0px; line-height:normal">[identity]</div>
<div class="" style="margin:0px; line-height:normal; min-height:14px"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal">driver = ldap</div>
<div class="" style="margin:0px; line-height:normal"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal">#####################</div>
<div class="" style="margin:0px; line-height:normal"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal">OS: Centos7</div>
<div class="" style="margin:0px; line-height:normal">OpenStack-Release: Train</div>
<div class="" style="margin:0px; line-height:normal"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal">Any ideas or example options would be great!</div>
<div class="" style="margin:0px; line-height:normal"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal">Thank you</div>
<div class="" style="margin:0px; line-height:normal"><br class="">
</div>
<div class="" style="margin:0px; line-height:normal"><br class="">
</div>
<div class=""><br class="">
</div>
</div>
</div>
</div>
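<p>The multi-domain layout suggested in the reply, as an added configuration example that is not part of either message: the global identity driver stays on SQL so the service accounts keep working, and the LDAP backend is attached to one domain only. The domain name <code>ldapusers</code> and the directory <code>/etc/keystone/domains</code> are assumptions, the domain has to be created in Keystone first, and the bind password is a placeholder.</p>

```ini
# --- /etc/keystone/keystone.conf (global settings) ---
# Service accounts (nova, keystone, ...) remain in the SQL backend,
# so the global driver must not be switched to ldap.
[identity]
driver = sql
# Let individual domains override the identity driver.
domain_specific_drivers_enabled = true
# Directory Keystone scans for per-domain files (assumed path).
domain_config_dir = /etc/keystone/domains

# --- /etc/keystone/domains/keystone.ldapusers.conf ---
# File name pattern: keystone.DOMAIN_NAME.conf, where DOMAIN_NAME is an
# existing Keystone domain ("ldapusers" is an assumed name).
# The file holds the LDAP bind password: keep it readable by the
# keystone service user only.
[identity]
driver = ldap

[ldap]
url = ldap://XXXXX
user = uid=XXX,cn=sysaccounts,cn=etc,dc=XXX,dc=de
# Placeholder, not a real value.
password = REPLACE_WITH_BIND_PASSWORD
user_tree_dn = cn=users,cn=accounts,dc=XXX,dc=de
user_objectclass = posixAccount
user_id_attribute = uid
user_name_attribute = uid
group_tree_dn = cn=groups,cn=accounts,dc=XXX,dc=de
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = cn
group_member_attribute = member
group_desc_attribute = description
use_pool = true
use_auth_pool = true
query_scope = sub
```

<p>With this split, LDAP users authenticate against the <code>ldapusers</code> domain while the service accounts continue to authenticate in the SQL-backed domain they were created in; Keystone has to be restarted after the files are changed.</p>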
</body>
</html>