[Openstack] [OpenStack][Keystone][LDAP] Does LDAP driver support for validating subtree user?
Kuo Hugo
tonytkdk at gmail.com
Tue May 22 11:07:36 UTC 2012
Hi Folks ,
I have try with keystone backend by LDAP and Windows AD.
It looks fine . Just want to clarify one point.
For my test result , LDAP driver could only validate users in the
particular container (OU,CN etc.) and does not include the subtree users.
[ldap]
tree_dn = dc=taiwan,dc=com
user_tree_dn = ou=foo,dc=taiwan,dc=com
For example ....
User1 : cn=jeremy,ou=foo,dc=taiwan,dc=com
User2 : cn=jordan,ou=bar,ou=foo,dc=taiwan,dc=com
User1 could be validated , and get the token generated by keystone.
User2 could not be validated
Is there any way to validate both User1 and User2 in current design ?
--
+Hugo Kuo+
tonytkdk at gmail.com
+ <tonytkdk at gmail.com>886 935004793
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120522/51f260eb/attachment.html>
More information about the Openstack
mailing list