Hi So the bad news is that you are correct, multi-domain LDAP is not ready in IceHouse (It is marked as experimental.....and it has serious flaws). The good news is that this is fixed for Juno - and this support has already been merged - and will be in the Juno milestone 2 release. Here's the spec that describes the work done: https://github.com/openstack/keystone-specs/blob/master/specs/juno/multi-backend-uuids.rst This support uses the domain-specifc config files approach that is already in IceHouse - so the way you define the LDAP parameters for each domain does not change. Henry On 17 Jul 2014, at 10:52, foss geek <thefossgeek at gmail.com> wrote: > Dear All, > > We are using LDAP as identity back end and SQL as assignment back end. > > Now I am trying to evaluate Keystone multi-domain support with LDAP (identity) + SQL (assignment) > > Does any one managed to setup LDAP/SQL multi-domain environment in Havana/Icehouse? > > Does keystone have suggested LDAP DIT for domains? > > I gone through the below thread [1] and [2], it seems Keystone multi-domain with LDAP+SQL is not ready in Icehouse. > > Hope some one will help. > > Thanks for your time. > > [1]http://www.gossamer-threads.com/lists/openstack/dev/37705 > > [2]http://lists.openstack.org/pipermail/openstack/2014-January/004900.html > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140717/96e407c8/attachment.html>