[Openstack] [Keystone] Quotas: LDAP Help

Ionut Artarisi iartarisi at suse.cz
Tue Aug 14 13:05:32 UTC 2012


On 07/25/2012 05:32 PM, Adam Young wrote:
> On 07/25/2012 10:19 AM, Ionuț Arțăriși wrote:
>>
>> Hi,
>>
>> I just wanted to add a bit to this thread. We're currently working on 
>> a hybrid backend between LDAP and SQL. I have a working version for a 
>> specific setup in which the user accounts are stored in LDAP, but 
>> tenants and roles are all stored in SQL together with other openstack 
>> user accounts such as the nova admin account.
>>
>> I basically just Frankensteined the two backends together for user 
>> processing and left everything else to be handled by the SQL backend. 
>> I'd like to hear other people's opinion on this or alternative 
>> implementations.
>
> Are tenants completely in the SQL DB?  If so, how do you list tenants 
> for a given user?
>
> Do you copy users from LDAP to SQL for anything?

Urgh, sorry for the late answer.

Tenants are all in the SQL DB and no users are copied from LDAP to SQL.

For listing tenants for a given user, right now we have a hacky 
get_tenants_for_user method which can be configured/rewritten by the 
sysadmin. We have a sample method which adds a pre-configured tenant to 
the existing list of tenants (from SQL) for use cases like: make all LDAP 
users part of tenant X.

-Ionuț
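
The arrangement described in this message, sketched as an added example; it is not the poster's code and does not use Keystone's backend API. The LDAP directory is a constructed dict, the SQL side is an in-memory SQLite database, and the table names, sample accounts and `DEFAULT_LDAP_TENANT` are all hypothetical. It scopes the pre-configured tenant to accounts that resolve in LDAP, so SQL-only service accounts and unknown IDs do not inherit it.

```python
import sqlite3

# Constructed stand-in for the LDAP directory: uid -> DN (hypothetical data).
LDAP_USERS = {"alice": "uid=alice,ou=people,dc=example,dc=org"}
DEFAULT_LDAP_TENANT = "tenant-x"  # hypothetical pre-configured tenant


def make_sql_backend():
    """In-memory SQL store: tenants, memberships and SQL-only service users."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sql_user (id TEXT PRIMARY KEY);
        CREATE TABLE tenant (id TEXT PRIMARY KEY);
        CREATE TABLE membership (user_id TEXT, tenant_id TEXT,
                                 PRIMARY KEY (user_id, tenant_id));
        INSERT INTO sql_user VALUES ('nova');
        INSERT INTO tenant VALUES ('service'), ('tenant-x'), ('dev');
        -- 'ghost' is a stale row for an account that exists in neither store
        INSERT INTO membership VALUES
            ('nova', 'service'), ('alice', 'dev'), ('ghost', 'dev');
    """)
    return db


def user_source(db, user_id):
    """Return 'ldap', 'sql' or None depending on where the account lives."""
    if user_id in LDAP_USERS:  # LDAP is consulted first in this sketch
        return "ldap"
    row = db.execute("SELECT 1 FROM sql_user WHERE id = ?", (user_id,)).fetchone()
    return "sql" if row else None


def get_tenants_for_user(db, user_id):
    """Tenants recorded in SQL, plus the default tenant for LDAP accounts only."""
    source = user_source(db, user_id)
    if source is None:
        return []  # unknown account: no tenants, not even the default
    rows = db.execute(
        "SELECT tenant_id FROM membership WHERE user_id = ? ORDER BY tenant_id",
        (user_id,)).fetchall()
    tenants = [r[0] for r in rows]
    if source == "ldap" and DEFAULT_LDAP_TENANT not in tenants:
        tenants.append(DEFAULT_LDAP_TENANT)  # "make all LDAP users part of tenant X"
    return tenants
```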




