<p>Wenmao- I've seen translucent LDAP proxies used for this type of operation, although typically to provide additional attributes rather than additional users. </p>
<p>-- Sent from a tiny keyboard</p>
<div class="gmail_quote">On Jan 22, 2013 4:23 AM, "Liu Wenmao" <<a href="mailto:marvelliu@gmail.com">marvelliu@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Liu Wenmao</b> <span dir="ltr"><<a href="mailto:marvelliu@gmail.com" target="_blank">marvelliu@gmail.com</a>></span><br>
Date: Tue, Jan 22, 2013 at 4:55 PM<br>Subject: Re: [Openstack] using Win AD authentication as keystone backend<br>To: Tim Bell <<a href="mailto:Tim.Bell@cern.ch" target="_blank">Tim.Bell@cern.ch</a>><br><br><br><div dir="ltr">
Thanks <span name="Tim Bell" style="font-size:13px;font-family:arial,sans-serif">Bell</span><div>
<span name="Tim Bell" style="font-size:13px;font-family:arial,sans-serif"><br></span></div><div>
<span name="Tim Bell" style="font-size:13px;font-family:arial,sans-serif">is it possible to use active directory and mysql database at the same time? for example, keystone first query the user in AD, if nothing is found, it then query mysql database.</span></div>
<div><span name="Tim Bell" style="font-size:13px;font-family:arial,sans-serif"><br></span></div><div><span name="Tim Bell" style="font-size:13px;font-family:arial,sans-serif">The motivation is that I want to store service users(glance, nova) in mysql and use current AD database for employee login.</span></div>
<span><font color="#888888">
<div><span name="Tim Bell" style="font-size:13px;font-family:arial,sans-serif"><br></span></div><div><span name="Tim Bell" style="font-size:13px;font-family:arial,sans-serif">Wenmao</span></div>
</font></span></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jan 22, 2013 at 3:51 PM, Tim Bell <span dir="ltr"><<a href="mailto:Tim.Bell@cern.ch" target="_blank">Tim.Bell@cern.ch</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-GB" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">We run Active Directory with Keystone at CERN.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The configuration is documented by Jose in the Wiki at <a href="http://wiki.openstack.org/HowtoIntegrateKeystonewithAD" target="_blank">http://wiki.openstack.org/HowtoIntegrateKeystonewithAD</a>.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Not sure if all the patches made it into Folsom though.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Tim<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""> openstack-bounces+tim.bell=<a href="mailto:cern.ch@lists.launchpad.net" target="_blank">cern.ch@lists.launchpad.net</a> [mailto:<a href="mailto:openstack-bounces%2Btim.bell" target="_blank">openstack-bounces+tim.bell</a>=<a href="mailto:cern.ch@lists.launchpad.net" target="_blank">cern.ch@lists.launchpad.net</a>] <b>On Behalf Of </b>Liu Wenmao<br>
<b>Sent:</b> 22 January 2013 04:23<br><b>To:</b> <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br><b>Subject:</b> [Openstack] using Win AD authentication as keystone backend<u></u><u></u></span></p>
</div></div><div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">hello all:<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">My company use Windows AD(<span style="font-family:"Arial","sans-serif"">active directory)</span> authentication for internal user login, is it possible to integrate the current authentication with keystone backend, so that we do not extra user/password maintaining. Hope Openstack Folsom has an easy and stable solution.<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">thanks <u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div>
<p class="MsoNormal">Wenmao Liu<u></u><u></u></p></div><div><p class="MsoNormal">NSFOCUS<u></u><u></u></p></div></div></div></div></div></div></div></blockquote></div><br></div>
</div></div></div><br></div>
<br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div>