[keystone][ldap]
CHANU ROMAIN
romain.chanu at univ-lyon1.fr
Wed May 20 12:51:03 UTC 2020
Hello,
You can use multi-domain authentication.
One using LDAP and another one using the database
https://docs.openstack.org/keystone/latest/admin/configuration.html
Best regards,
Romain
________________________________
From: Amjad Kotobi <kotobi at dkrz.de>
Sent: Wednesday, May 20, 2020 2:41 PM
To: openstack-discuss at lists.openstack.org
Subject: [keystone][ldap]
Hi all,
I'm integrating Keystone with LDAP, and I have "service accounts", e.g. Nova, Keystone, etc., which are in the database.
As soon as I connect it to LDAP, all authentication fails. How can I have both "service accounts" and "LDAP users" connected to Keystone?
Here is my keystone.conf
###################
[ldap]
url = ldap://XXXXX
user = uid=XXX,cn=sysaccounts,cn=etc,dc=XXX,dc=de
password = dkrzprox
user_tree_dn = cn=users,cn=accounts,dc=XXX,dc=de
user_objectclass = posixAccount
user_id_attribute = uid
user_name_attribute = uid
user_allow_create = false
user_allow_update = false
user_allow_delete = false
group_tree_dn = cn=groups,cn=accounts,dc=XXX,dc=de
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = cn
group_member_attribute = member
group_desc_attribute = description
group_allow_create = false
group_allow_update = false
group_allow_delete = false
use_pool = true
use_auth_pool = true
debug_level = 4095
query_scope = sub
[identity]
driver = ldap
#####################
OS: Centos7
OpenStack-Release: Train
Any idea or example of options would be great!
Thank you