[openstack-dev] [keystone] LDAP identity driver with groups from local DB

Boris Bobrov bbobrov at mirantis.com
Fri Jul 24 14:26:40 UTC 2015

On Friday 24 July 2015 09:29:32 Dave Walker wrote:
> On 24 July 2015 at 05:00, Julian Edwards <bigjools at gmail.com> wrote:
> Tl;DR is that the *User* management can come from LDAP via the
> Identity driver, but the Project/Tenants and Roles on these come from
> the *Assignment* driver via SQL - almost as an overlay.
> This would seem to solve the issue you outline?

As far as I understand the issue is that corps want to have users in read-only 
LDAP and have an ability to create groups outside of LDAP, in SQL.

Am I right?

Best regards,
Boris Bobrov

More information about the OpenStack-dev mailing list