[openstack-dev] [keystone] LDAP identity driver with groups from local DB

Matt Fischer matt at mattfischer.com
Fri Jul 24 13:57:55 UTC 2015


On Fri, Jul 24, 2015 at 1:01 AM, Julian Edwards <bigjools at gmail.com> wrote:

> On 24 July 2015 at 14:51, Matt Fischer <matt at mattfischer.com> wrote:
> > Julian,
> >
> > You want this hybrid backend driver. Bind against LDAP for auth, store
> > everything else in mysql:
> >
> > https://github.com/SUSE-Cloud/keystone-hybrid-backend
> >
> > We maintain our own fork with has a few small differences. I do not use
> the
> > assignment portion of the driver and I'm not sure anyone does so keep
> that
> > in mind.
>
> Oh cool, I'll check that out, thanks for the pointer.  Ideally I'd
> like to get something in-tree, but this might be a good start.
>

I do have Ubuntu packaging code in my branch if that helps you deploy it at
all:

https://github.com/matthewfischer/keystone-hybrid-backend/



>
> > I know some of the Keystone team has pretty strong opinions about this
> but
> > it works for us.
>
> There's clearly a problem that needs solving, but I'd like to hear the
> opinions.
>
> > And nice to run into you again...
>
> Likewise!
>
> Cheers.
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150724/2bb4e442/attachment.html>


More information about the OpenStack-dev mailing list