<div dir="ltr">Thanks guys; If the team says you cannot connect to our database directly - you must use our API, does this change the above suggestions or do these suggestions assume KS is talking to an API?</div><div class="gmail_extra">
<br clear="all"><div><div dir="ltr"><div><font><div style="font-family:arial;font-size:small"><b><i><br>Adam Lawson</i></b></div><div><font><font color="#666666" size="1"><div style="font-family:arial;font-size:small">AQORN, Inc.</div>
<div style="font-family:arial;font-size:small">427 North Tatnall Street</div><div style="font-family:arial;font-size:small">Ste. 58461</div><div style="font-family:arial;font-size:small">Wilmington, Delaware 19801-2230</div>
<div style="font-family:arial;font-size:small">Toll-free: (844) 4-AQORN-NOW</div><div style="font-family:arial;font-size:small">Direct: +1 (302) 268-6914</div></font></font></div></font></div><div style="font-family:arial;font-size:small">
<img src="http://www.aqorn.com/images/logo.png" width="96" height="39"><br></div></div></div>
<br><br><div class="gmail_quote">On Wed, Apr 23, 2014 at 11:58 AM, Matt Griffin <span dir="ltr"><<a href="mailto:matt.griffin@percona.com" target="_blank">matt.griffin@percona.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Perhaps Percona Server's PAM plug-in might save you some time.<div><a href="http://www.percona.com/doc/percona-server/5.6/management/pam_plugin.html" target="_blank">http://www.percona.com/doc/percona-server/5.6/management/pam_plugin.html</a><br>
</div><div><br></div><div>Plus you'd probably get a performance gain over MySQL Community Edition.</div><div><br></div><div>Best,<br>Matt Griffin</div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5">
<div class="gmail_extra"><br><br>
<div class="gmail_quote">On Tue, Apr 22, 2014 at 10:42 PM, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div>
<div>On 04/21/2014 02:28 PM, Adam Lawson
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13px">Crap, hit
send half-way through. Let's try this again...</span>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div>
<span style="font-family:arial,sans-serif;font-size:13px">Can
Keystone work with a non-KS database for authentication and
authorization </span><span style="font-family:arial,sans-serif;font-size:13px">via API</span><span style="font-family:arial,sans-serif;font-size:13px">? There
is an existing SQL database of users/passwords/roles etc
supporting an existing cloud and I'm being asked to research
the options how to introduce Keystone with read-only access.
Finding options on how this might happen has been
challenging.</span></div>
</div>
</blockquote></div>
The bad news: You will have to write your own backend. <br>
The Good News: you don't need to implement a lot. All you need is
the code to get users and groups.<br>
<br>
<br>
Take a look at the existing SQL backend and chop out anything that
actually writes to the DB. Code is here:<br>
<br>
<a href="http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py" target="_blank">http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py</a><br>
<blockquote type="cite"><div>
<div dir="ltr">
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Basically,
they have a cloud with S3 object storage but want to move
towards Swift + Keystone but continue using their existing
database as the hub of all things related to credentials and
authorizations. I figure Keystone can connect to a foreign
SQL DB if the values were mapped correctly, but I don't know
where this has been done prior. </span><span style="font-family:arial,sans-serif;font-size:13px">Thoughts?</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Mahalo,</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Adam</span></div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div dir="ltr">
<div><font>
<div style="font-family:arial;font-size:small"><b><i><br>
Adam Lawson</i></b></div>
<div><font><font color="#666666" size="1">
<div style="font-family:arial;font-size:small">
AQORN, Inc.</div>
<div style="font-family:arial;font-size:small">427
North Tatnall Street</div>
<div style="font-family:arial;font-size:small">Ste.
58461</div>
<div style="font-family:arial;font-size:small">Wilmington,
Delaware 19801-2230</div>
<div style="font-family:arial;font-size:small">Toll-free:
(844) 4-AQORN-NOW</div>
<div style="font-family:arial;font-size:small">Direct:
<a href="tel:%2B1%20%28302%29%20268-6914" value="+13022686914" target="_blank">+1 (302) 268-6914</a></div>
</font></font></div>
</font></div>
<div style="font-family:arial;font-size:small">
<img src="http://www.aqorn.com/images/logo.png" height="39" width="96"><br>
</div>
</div>
</div>
<br>
<br>
<div class="gmail_quote">On Mon, Apr 21, 2014 at 11:18 AM, Adam
Lawson <span dir="ltr"><<a href="mailto:alawson@aqorn.com" target="_blank">alawson@aqorn.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Small q company has a custom database with
user/pass's scraped from LDAP with some existing cloud
concoction, Is there a straight forward way for Keystone
to use that database for authorization and authentication
with minimal development/re-tooling? Is there a good
starting point to create an API to use that database?<span><font color="#888888">
<div>
<br clear="all">
<div>
<div dir="ltr">
<div><font>
<div style="font-family:arial;font-size:small"><b><i><br>
Adam Lawson</i></b></div>
<div><font><font color="#666666" size="1">
<div style="font-family:arial;font-size:small">AQORN,
Inc.</div>
<div style="font-family:arial;font-size:small">427
North Tatnall Street</div>
<div style="font-family:arial;font-size:small">Ste.
58461</div>
<div style="font-family:arial;font-size:small">Wilmington,
Delaware 19801-2230</div>
<div style="font-family:arial;font-size:small">Toll-free:
(844) 4-AQORN-NOW</div>
<div style="font-family:arial;font-size:small">Direct:
<a href="tel:%2B1%20%28302%29%20268-6914" value="+13022686914" target="_blank">+1 (302) 268-6914</a></div>
</font></font></div>
</font></div>
<div style="font-family:arial;font-size:small">
<img src="http://www.aqorn.com/images/logo.png" height="39" width="96"><br>
</div>
</div>
</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div><pre>_______________________________________________
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>