
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">On 04/23/2014 01:54 PM, Michael Hearn

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAO1MeZiD5bKDfU_WidLDXn2wykEAYh7LZhV6XhO8ZcpKZe9EQw@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div><span style="font-family:arial,sans-serif;font-size:13px">As

            I understand it, within an  icehouse implementation of

            keystone when utilising a single LDAP server as the

            assignment backend, only one Domain (default) is supported. </span></div>

        <div><span style="font-family:arial,sans-serif;font-size:13px"><br>

          </span></div>

        <div><span style="font-family:arial,sans-serif;font-size:13px">I

            believe there are plans to extend this ability in Juno but

            to what extent? Can anyone hint at the direction being

            taken?  For example w</span><span

            style="font-family:arial,sans-serif;font-size:13px">ill

            keystone support a Domain' organizational unit' in the LDAP

            schema ?</span></div>

      </div>

    </blockquote>

    <br>

    The idea is that each Domain will live in a separate subtree, which

    is potentially in a different LDAP server.<br>

    <br>

    There is a start of this from the Horizon timeframe, but issues with

    deconflicting UserIDs between multiple LDAP servers, or even

    different SAML SOurces in the Federation case, meant that we had to

    take a step back.  Dealing with the Id issue is an hourlong session

    at the OpenStack Design summit.<br>

    <br>

    <br>

    <blockquote

cite="mid:CAO1MeZiD5bKDfU_WidLDXn2wykEAYh7LZhV6XhO8ZcpKZe9EQw@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div><span style="font-family:arial,sans-serif;font-size:13px"><br>

          </span></div>

        <div><span style="font-family:arial,sans-serif;font-size:13px">Many

            Thanks</span></div>

        <div><span style="font-family:arial,sans-serif;font-size:13px">Mike</span></div>

        <div><span style="font-family:arial,sans-serif;font-size:13px"><br>

          </span></div>

        <br>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>

Post to     : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>

Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>