<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 04/21/2014 02:28 PM, Adam Lawson
wrote:<br>
</div>
<blockquote
cite="mid:CAJfWK49voNCKemZoLtLsjdhuX1mpWaqKsTto2AULvg3N4-8zFw@mail.gmail.com"
type="cite">
<div dir="ltr"><span
style="font-family:arial,sans-serif;font-size:13px">Crap, hit
send half-way through. Let's try this again...</span>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div>
<span style="font-family:arial,sans-serif;font-size:13px">Can
Keystone work with a non-KS database for authentication and
authorization </span><span
style="font-family:arial,sans-serif;font-size:13px">via API</span><span
style="font-family:arial,sans-serif;font-size:13px">? There
is an existing SQL database of users/passwords/roles etc
supporting an existing cloud and I'm being asked to research
the options how to introduce Keystone with read-only access.
Finding options on how this might happen has been
challenging.</span></div>
</div>
</blockquote>
The bad news: You will have to write your own backend. <br>
The Good News: you don't need to implement a lot. All you need is
the code to get users and groups.<br>
<br>
<br>
Take a look at the existing SQL backend and chop out anything that
actually writes to the DB. Code is here:<br>
<br>
<a class="moz-txt-link-freetext" href="http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py">http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py</a><br>
<blockquote
cite="mid:CAJfWK49voNCKemZoLtLsjdhuX1mpWaqKsTto2AULvg3N4-8zFw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Basically,
they have a cloud with S3 object storage but want to move
towards Swift + Keystone but continue using their existing
database as the hub of all things related to credentials and
authorizations. I figure Keystone can connect to a foreign
SQL DB if the values were mapped correctly, but I don't know
where this has been done prior. </span><span
style="font-family:arial,sans-serif;font-size:13px">Thoughts?</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Mahalo,</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Adam</span></div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div dir="ltr">
<div><font>
<div style="font-family:arial;font-size:small"><b><i><br>
Adam Lawson</i></b></div>
<div><font><font color="#666666" size="1">
<div style="font-family:arial;font-size:small">
AQORN, Inc.</div>
<div style="font-family:arial;font-size:small">427
North Tatnall Street</div>
<div style="font-family:arial;font-size:small">Ste.
58461</div>
<div style="font-family:arial;font-size:small">Wilmington,
Delaware 19801-2230</div>
<div style="font-family:arial;font-size:small">Toll-free:
(844) 4-AQORN-NOW</div>
<div style="font-family:arial;font-size:small">Direct:
+1 (302) 268-6914</div>
</font></font></div>
</font></div>
<div style="font-family:arial;font-size:small">
<img moz-do-not-send="true"
src="http://www.aqorn.com/images/logo.png" height="39"
width="96"><br>
</div>
</div>
</div>
<br>
<br>
<div class="gmail_quote">On Mon, Apr 21, 2014 at 11:18 AM, Adam
Lawson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:alawson@aqorn.com" target="_blank">alawson@aqorn.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Small q company has a custom database with
user/pass's scraped from LDAP with some existing cloud
concoction, Is there a straight forward way for Keystone
to use that database for authorization and authentication
with minimal development/re-tooling? Is there a good
starting point to create an API to use that database?<span
class="HOEnZb"><font color="#888888">
<div>
<br clear="all">
<div>
<div dir="ltr">
<div><font>
<div
style="font-family:arial;font-size:small"><b><i><br>
Adam Lawson</i></b></div>
<div><font><font color="#666666" size="1">
<div
style="font-family:arial;font-size:small">AQORN,
Inc.</div>
<div
style="font-family:arial;font-size:small">427
North Tatnall Street</div>
<div
style="font-family:arial;font-size:small">Ste.
58461</div>
<div
style="font-family:arial;font-size:small">Wilmington,
Delaware 19801-2230</div>
<div
style="font-family:arial;font-size:small">Toll-free:
(844) 4-AQORN-NOW</div>
<div
style="font-family:arial;font-size:small">Direct:
<a moz-do-not-send="true"
href="tel:%2B1%20%28302%29%20268-6914"
value="+13022686914"
target="_blank">+1 (302) 268-6914</a></div>
</font></font></div>
</font></div>
<div style="font-family:arial;font-size:small">
<img moz-do-not-send="true"
src="http://www.aqorn.com/images/logo.png"
height="39" width="96"><br>
</div>
</div>
</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
</body>
</html>