[openstack-dev] [keystone] LDAP identity driver with groups from local DB
bbobrov at mirantis.com
Fri Jul 24 14:26:40 UTC 2015
On Friday 24 July 2015 09:29:32 Dave Walker wrote:
> On 24 July 2015 at 05:00, Julian Edwards <bigjools at gmail.com> wrote:
> Tl;DR is that the *User* management can come from LDAP via the
> Identity driver, but the Project/Tenants and Roles on these come from
> the *Assignment* driver via SQL - almost as an overlay.
> This would seem to solve the issue you outline?
As far as I understand the issue is that corps want to have users in read-only
LDAP and have an ability to create groups outside of LDAP, in SQL.
Am I right?
More information about the OpenStack-dev