<div dir="ltr">Perhaps Percona Server's PAM plug-in might save you some time.<div><a href="http://www.percona.com/doc/percona-server/5.6/management/pam_plugin.html">http://www.percona.com/doc/percona-server/5.6/management/pam_plugin.html</a><br>
</div><div><br></div><div>Plus you'd probably get a performance gain over MySQL Community Edition.</div><div><br></div><div>Best,<br>Matt Griffin</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br>
<div class="gmail_quote">On Tue, Apr 22, 2014 at 10:42 PM, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  
    
  
  <div bgcolor="#FFFFFF" text="#000000"><div class="">
    <div>On 04/21/2014 02:28 PM, Adam Lawson
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13px">Crap, hit
          send half-way through. Let's try this again...</span>
        <div><span style="font-family:arial,sans-serif;font-size:13px"><br>
          </span></div>
        <div>
          <span style="font-family:arial,sans-serif;font-size:13px">Can
            Keystone work with a non-KS database for authentication and
            authorization </span><span style="font-family:arial,sans-serif;font-size:13px">via API</span><span style="font-family:arial,sans-serif;font-size:13px">? There
            is an existing SQL database of users/passwords/roles etc
            supporting an existing cloud and I'm being asked to research
            the options how to introduce Keystone with read-only access.
            Finding options on how this might happen has been
            challenging.</span></div>
      </div>
    </blockquote></div>
    The bad news: You will have to write your own backend. <br>
    The Good News:  you don't need to implement a lot. All you need is
    the code to get users and groups.<br>
    <br>
    <br>
    Take a look at the existing SQL backend and chop out anything that
    actually writes to the DB.  Code is here:<br>
    <br>
<a href="http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py" target="_blank">http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py</a><br>
    <blockquote type="cite"><div class="">
      <div dir="ltr">
        <div><span style="font-family:arial,sans-serif;font-size:13px"><br>
          </span></div>
        <div><span style="font-family:arial,sans-serif;font-size:13px">Basically,
            they have a cloud with S3 object storage but want to move
            towards Swift + Keystone but continue using their existing
            database as the hub of all things related to credentials and
            authorizations. I figure Keystone can connect to a foreign
            SQL DB if the values were mapped correctly, but I don't know
            where this has been done prior. </span><span style="font-family:arial,sans-serif;font-size:13px">Thoughts?</span></div>
        <div><span style="font-family:arial,sans-serif;font-size:13px"><br>
          </span></div>
        <div><span style="font-family:arial,sans-serif;font-size:13px">Mahalo,</span></div>
        <div><span style="font-family:arial,sans-serif;font-size:13px">Adam</span></div>
      </div>
      <div class="gmail_extra"><br clear="all">
        <div>
          <div dir="ltr">
            <div><font>
                <div style="font-family:arial;font-size:small"><b><i><br>
                      Adam Lawson</i></b></div>
                <div><font><font color="#666666" size="1">
                      <div style="font-family:arial;font-size:small">
                        AQORN, Inc.</div>
                      <div style="font-family:arial;font-size:small">427
                        North Tatnall Street</div>
                      <div style="font-family:arial;font-size:small">Ste.
                        58461</div>
                      <div style="font-family:arial;font-size:small">Wilmington,
                        Delaware 19801-2230</div>
                      <div style="font-family:arial;font-size:small">Toll-free:
                        (844) 4-AQORN-NOW</div>
                      <div style="font-family:arial;font-size:small">Direct:
                        <a href="tel:%2B1%20%28302%29%20268-6914" value="+13022686914" target="_blank">+1 (302) 268-6914</a></div>
                    </font></font></div>
              </font></div>
            <div style="font-family:arial;font-size:small">
              <img src="http://www.aqorn.com/images/logo.png" height="39" width="96"><br>
            </div>
          </div>
        </div>
        <br>
        <br>
        <div class="gmail_quote">On Mon, Apr 21, 2014 at 11:18 AM, Adam
          Lawson <span dir="ltr"><<a href="mailto:alawson@aqorn.com" target="_blank">alawson@aqorn.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">Small q company has a custom database with
              user/pass's scraped from LDAP with some existing cloud
              concoction, Is there a straight forward way for Keystone
              to use that database for authorization and authentication
              with minimal development/re-tooling? Is there a good
              starting point to create an API to use that database?<span><font color="#888888">
                  <div>
                    <br clear="all">
                    <div>
                      <div dir="ltr">
                        <div><font>
                            <div style="font-family:arial;font-size:small"><b><i><br>
                                  Adam Lawson</i></b></div>
                            <div><font><font color="#666666" size="1">
                                  <div style="font-family:arial;font-size:small">AQORN,
                                    Inc.</div>
                                  <div style="font-family:arial;font-size:small">427
                                    North Tatnall Street</div>
                                  <div style="font-family:arial;font-size:small">Ste.
                                    58461</div>
                                  <div style="font-family:arial;font-size:small">Wilmington,
                                    Delaware 19801-2230</div>
                                  <div style="font-family:arial;font-size:small">Toll-free:
                                    (844) 4-AQORN-NOW</div>
                                  <div style="font-family:arial;font-size:small">Direct:
                                    <a href="tel:%2B1%20%28302%29%20268-6914" value="+13022686914" target="_blank">+1 (302) 268-6914</a></div>
                                </font></font></div>
                          </font></div>
                        <div style="font-family:arial;font-size:small">
                          <img src="http://www.aqorn.com/images/logo.png" height="39" width="96"><br>
                        </div>
                      </div>
                    </div>
                  </div>
                </font></span></div>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </div><pre>_______________________________________________
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
    </blockquote>
    <br>
  </div>

<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to     : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>