[Openstack] [Keystone] Leverage an existing (non-KS) DB?

Adam Young ayoung at redhat.com
Wed Apr 23 03:42:19 UTC 2014 

On 04/21/2014 02:28 PM, Adam Lawson wrote:
> Crap, hit send half-way through. Let's try this again...
>
> Can Keystone work with a non-KS database for authentication and 
> authorization via API? There is an existing SQL database of 
> users/passwords/roles etc supporting an existing cloud and I'm being 
> asked to research the options how to introduce Keystone with read-only 
> access. Finding options on how this might happen has been challenging.
The bad news: You will have to write your own backend.
The Good News:  you don't need to implement a lot. All you need is the 
code to get users and groups.


Take a look at the existing SQL backend and chop out anything that 
actually writes to the DB.  Code is here:

http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py
>
> Basically, they have a cloud with S3 object storage but want to move 
> towards Swift + Keystone but continue using their existing database as 
> the hub of all things related to credentials and authorizations. I 
> figure Keystone can connect to a foreign SQL DB if the values were 
> mapped correctly, but I don't know where this has been done prior. 
> Thoughts?
>
> Mahalo,
> Adam
>
> */
> Adam Lawson/*
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (844) 4-AQORN-NOW
> Direct: +1 (302) 268-6914
>
>
>
> On Mon, Apr 21, 2014 at 11:18 AM, Adam Lawson <alawson at aqorn.com 
> <mailto:alawson at aqorn.com>> wrote:
>
>     Small q company has a custom database with user/pass's scraped
>     from LDAP with some existing cloud concoction, Is there a straight
>     forward way for Keystone to use that database for authorization
>     and authentication with minimal development/re-tooling? Is there a
>     good starting point to create an API to use that database?
>
>     */
>     Adam Lawson/*
>     AQORN, Inc.
>     427 North Tatnall Street
>     Ste. 58461
>     Wilmington, Delaware 19801-2230
>     Toll-free: (844) 4-AQORN-NOW
>     Direct: +1 (302) 268-6914 <tel:%2B1%20%28302%29%20268-6914>
>
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140422/39875d54/attachment.html>

More information about the Openstack mailing list