[Openstack-operators] Migrating keystone from MySQL to LDAP
Antonio Messina
antonio.s.messina at gmail.com
Tue Mar 3 20:53:40 UTC 2015
On Tue, Mar 3, 2015 at 8:44 PM, Fox, Kevin M <Kevin.Fox at pnnl.gov> wrote:
> See the id_mapping table.
That's the first place I've looked into:
    mysql> select * from keystone.id_mapping;
    Empty set (0.00 sec)
I think because of
http://docs.openstack.org/developer/keystone/developing.html#identity-entity-id-management-between-controllers-and-drivers
[...]
To ensure that Keystone can determine to which backend it should route
an API call, starting with Juno, the identity manager will, provided
that domain-specific backends are enabled, build on-the-fly a
persistent mapping table between Keystone Public IDs that are
presented to the controller and the domain that holds the entity,
along with whatever local ID is understood by the driver.
To ensure backward compatibility, the default configuration of
either a single SQL or LDAP backend for Identity will not use the
mapping table [...]
I guess Calus can either set the id on the LDAP server (if he has
write access), or (probably the better solution) explicitly enable the
id mapping feature in Juno and pre-populate the `id_mapping` table.
.a.
--
antonio.s.messina at gmail.com
antonio.messina at uzh.ch +41 (0)44 635 42 22
S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/
University of Zurich
Winterthurerstrasse 190
CH-8057 Zurich Switzerland
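
A sketch of the pre-population step suggested in the message above, as an added example that is not part of the original post or of Keystone's own code: it pairs each old SQL user ID with the LDAP entry of the same name and loads the result as mapping rows, refusing to guess when a match is missing or ambiguous. The column names, the `default` domain, matching by user name, the sample users and the in-memory SQLite database standing in for MySQL are all assumptions.

```python
import sqlite3

# Constructed sample data: users exported from the old SQL identity backend
# as (public id, name), and entries read from LDAP as (local id, name).
OLD_SQL_USERS = [
    ("3f2a9c0e5d6b4f1e8a7b6c5d4e3f2a1b", "alice"),
    ("9b8c7d6e5f4a4b3c2d1e0f9a8b7c6d5e", "bob"),
    ("0a1b2c3d4e5f4a6b7c8d9e0f1a2b3c4d", "carol"),
]
LDAP_USERS = [("alice", "alice"), ("bob", "bob")]

def plan_id_mapping(sql_users, ldap_users, domain_id="default"):
    """Return (rows, unmatched). Each row keeps an old public ID and points
    it at the LDAP local ID of the user with the same name."""
    by_name = {}
    for local_id, name in ldap_users:
        by_name.setdefault(name, []).append(local_id)
    rows, unmatched = [], []
    for public_id, name in sql_users:
        candidates = by_name.get(name, [])
        if len(candidates) != 1:  # missing or ambiguous: do not guess
            unmatched.append((public_id, name))
            continue
        rows.append((public_id, domain_id, candidates[0], "user"))
    return rows, unmatched

def load(conn, rows):
    """Insert the planned rows; the table layout here is an assumption."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS id_mapping ("
        " public_id TEXT PRIMARY KEY, domain_id TEXT NOT NULL,"
        " local_id TEXT NOT NULL, entity_type TEXT NOT NULL,"
        " UNIQUE (domain_id, local_id, entity_type))")
    with conn:  # one transaction: all rows are inserted or none
        conn.executemany("INSERT INTO id_mapping VALUES (?, ?, ?, ?)", rows)
    return conn.execute("SELECT COUNT(*) FROM id_mapping").fetchone()[0]

if __name__ == "__main__":
    rows, unmatched = plan_id_mapping(OLD_SQL_USERS, LDAP_USERS)
    count = load(sqlite3.connect(":memory:"), rows)
    print(count, "rows loaded; unmatched:", unmatched)
```

Users reported as unmatched need a manual decision before the backend is switched, since no mapping row is written for them.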