Hello,

You can use multi-domain authentication. One using LDAP and another one using database.

https://docs.openstack.org/keystone/latest/admin/configuration.html

Best regards,
Romain

________________________________
From: Amjad Kotobi <kotobi@dkrz.de>
Sent: Wednesday, May 20, 2020 2:41 PM
To: openstack-discuss@lists.openstack.org
Subject: [keystone][ldap]

Hi all,

I'm integrating Keystone with LDAP, and I have "service accounts", e.g. Nova, Keystone etc., which are in the database. As soon as I connect it to LDAP, all authentication fails. How can I have both "service accounts" and "LDAP users" connected to Keystone?

Here is my keystone.conf

###################
[ldap]
url = ldap://XXXXX
user = uid=XXX,cn=sysaccounts,cn=etc,dc=XXX,dc=de
password = dkrzprox
user_tree_dn = cn=users,cn=accounts,dc=XXX,dc=de
user_objectclass = posixAccount
user_id_attribute = uid
user_name_attribute = uid
user_allow_create = false
user_allow_update = false
user_allow_delete = false
group_tree_dn = cn=groups,cn=accounts,dc=XXX,dc=de
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = cn
group_member_attribute = member
group_desc_attribute = description
group_allow_create = false
group_allow_update = false
group_allow_delete = false
use_pool = true
use_auth_pool = true
debug_level = 4095
query_scope = sub

[identity]
driver = ldap
#####################

OS: Centos7
OpenStack-Release: Train

Any idea or example of options would be great!

Thank you