[Openstack] [Keystone] Quotas: LDAP Help
Ionut Artarisi
iartarisi at suse.cz
Tue Aug 14 13:05:32 UTC 2012
On 07/25/2012 05:32 PM, Adam Young wrote:
> On 07/25/2012 10:19 AM, Ionuț Arțăriși wrote:
>>
>> Hi,
>>
>> I just wanted to add a bit to this thread. We're currently working on
>> a hybrid backend between LDAP and SQL. I have a working version for a
>> specific setup in which the user accounts are stored in LDAP, but
>> tenants and roles are all stored in SQL together with other openstack
>> user accounts such as the nova admin account.
>>
>> I basically just Frankensteined the two backends together for user
>> processing and left everything else to be handled by the SQL backend.
>> I'd like to hear other people's opinion on this or alternative
>> implementations.
>
> Are tenants completely in the SQL DB? If so, how to you list tenants
> for a given user?
>
> Do you copy users from LDAP to SQL for anything?
Urgh, sorry for the late answer.
Tenats are all in the SQL DB and no users are copied from LDAP to SQL.
For listing tenants for a given user, right now we have a hacky
get_tenants_for_user method which can be configured/rewritten by the
sysadmin. We have a sample method which adds a pre-configured tenant to
the existing list of tenants (from SQL) for usecases like: make all LDAP
users part of tenant X.
-Ionuț
More information about the Openstack
mailing list