[openstack-dev] [keystone] Suggested LDAP DIT for domains

Adam Young ayoung at redhat.com
Fri Apr 26 02:15:30 UTC 2013


On 04/25/2013 03:06 PM, Ryan Lane wrote:
> On Thu, Apr 25, 2013 at 9:07 AM, Ziad Sawalha <ziad at sawalha.com> wrote:
>
>     +1
>
>     Most hosting/cloud providers have something like that; a directory
>     with multiple user sets.
>
>     Shouldn't that use case be core to Keystone? Having worked with
>     many such implementations, I'd like to also hear the argument for
>     why it is insanity...
>
>
> One directory with multiple user sets, or multiple directories with 
> single user sets? Multiple directories that should be combined 
> together (this is a major nightmare case)?
>
> One directory with multiple user sets is doable, and the DIT I 
> suggested supports this use case. It should support all API 
> functionality, in fact. Is it worth implementing this, though? Is this 
> going to be used enough to make it worth the cost of supporting it?
>
> As for the other cases: how to configure any of this? You can no 
> longer use the API to create domains, because each domain would need 
> LDAP configuration information to go with it. So, does this go into 
> the configuration files? That would mean every new domain would 
> require a keystone service restart. There's a lot of complexity 
> involved with this and likely very little gain.
>
> - Ryan
>
>
I wish Joe Savak would speak up here as he is the one who pushed for the 
multi-domain LDAP approach that we have now, and that we are talking 
about yanking.  Can someone bug him and get him to respond?