[openstack-dev] Keystone

Adam Young ayoung at redhat.com
Tue May 20 02:57:38 UTC 2014


On 05/16/2014 05:08 AM, Tizy Ninan wrote:
> Hi,
>
> We have an OpenStack Havana deployment on CentOS 6.4 and nova-network
> network service installed using Mirantis Fuel v4.0.
> We are trying to integrate the OpenStack setup with the Microsoft
> Active Directory (LDAP server). I only have read access to the LDAP
> server.
> What will be the minimum changes needed to be made under the [ldap]
> tag in the keystone.conf file? Can you please specify what variables need
> to be set and what should be the values for each variable?
>
> [ldap]
> # url = ldap://localhost
> # user = dc=Manager,dc=example,dc=com
> # password = None
> # suffix = cn=example,cn=com
> # use_dumb_member = False
> # allow_subtree_delete = False
> # dumb_member = cn=dumb,dc=example,dc=com
>
> # Maximum results per page; a value of zero ('0') disables paging (default)
> # page_size = 0
>
> # The LDAP dereferencing option for queries. This can be either 'never',
> # 'searching', 'always', 'finding' or 'default'. The 'default' option falls
> # back to using default dereferencing configured by your ldap.conf.
> # alias_dereferencing = default
>
> # The LDAP scope for queries, this can be either 'one'
> # (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree)
> # query_scope = one
>
> # user_tree_dn = ou=Users,dc=example,dc=com
> # user_filter =
> # user_objectclass = inetOrgPerson
> # user_id_attribute = cn
> # user_name_attribute = sn
> # user_mail_attribute = email
> # user_pass_attribute = userPassword
> # user_enabled_attribute = enabled
> # user_enabled_mask = 0
> # user_enabled_default = True
> # user_attribute_ignore = default_project_id,tenants
> # user_default_project_id_attribute =
> # user_allow_create = True
> # user_allow_update = True
> # user_allow_delete = True
> # user_enabled_emulation = False
> # user_enabled_emulation_dn =
>
> # tenant_tree_dn = ou=Projects,dc=example,dc=com
> # tenant_filter =
> # tenant_objectclass = groupOfNames
> # tenant_domain_id_attribute = businessCategory
> # tenant_id_attribute = cn
> # tenant_member_attribute = member
> # tenant_name_attribute = ou
> # tenant_desc_attribute = desc
> # tenant_enabled_attribute = enabled
> # tenant_attribute_ignore =
> # tenant_allow_create = True
> # tenant_allow_update = True
> # tenant_allow_delete = True
> # tenant_enabled_emulation = False
> # tenant_enabled_emulation_dn =
>
> # role_tree_dn = ou=Roles,dc=example,dc=com
> # role_filter =
> # role_objectclass = organizationalRole
> # role_id_attribute = cn
> # role_name_attribute = ou
> # role_member_attribute = roleOccupant
> # role_attribute_ignore =
> # role_allow_create = True
> # role_allow_update = True
> # role_allow_delete = True
>
> # group_tree_dn =
> # group_filter =
> # group_objectclass = groupOfNames
> # group_id_attribute = cn
> # group_name_attribute = ou
> # group_member_attribute = member
> # group_desc_attribute = desc
> # group_attribute_ignore =
> # group_allow_create = True
> # group_allow_update = True
> # group_allow_delete = True
>
> Kindly help us to resolve the issue.
>
> Thanks,
> Tizy


http://www.youtube.com/watch?v=w3Yjlmb_68g
