Open Stack

Thanks. Adam.

Is there any way to configure FreeIPA LDAP to have this structure?

Many thanks.

On Sep 24, 2012, at 11:10 PM, Adam Young wrote:

> Role is grouped in the collection under the Tenant, with the userid in the members attribute for that role.
> 
> 
> 
> On 09/24/2012 03:18 AM, 邱剑 wrote:
>> 
>> Openstack services need user account with 'admin' role. But I could not figure out how FreeIPA propagate 'role' into Keystone.
>> 
>> That's why I'm asking the question in mailing list.
>> 
>> 
>> On Sep 24, 2012, at 11:30 AM, spring wrote:
>> 
>>> Thanks qiujian!
>>> By using this configuration, can we log in through dashboard? If I want to implement that, is there any other configuration I have to do?
>>> 
>>> 2012/9/24 邱剑 <qiujian at meituan.com>
>>> BTW, here is my configuration:
>>> 
>>> [ldap]
>>> url = ldap://10.64.11.199
>>> tree_dn = cn=accounts,dc=mydomain,dc=com
>>> user_tree_dn = cn=users,cn=accounts,dc=mydomain,dc=com
>>> user_objectclass = person
>>> user_name_attribute = uid
>>> user_id_attribute = uid
>>> tenant_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
>>> tenant_objectclass = posixgroup
>>> tenant_id_attribute = cn
>>> tenant_name_attribute = cn
>>> tenant_member_attribute = member
>>> role_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
>>> role_objectclass = posixgroup
>>> role_id_attribute = cn
>>> role_name_attribute = cn
>>> role_member_attribute = member
>>> user = uid=sudo,cn=sysaccounts,cn=etc,dc=mydomain,dc=com
>>> password = mysudopassword
>>> suffix = cn=mydomain,cn=com
>>> 
>>> 
>>> [identity]
>>> driver = keystone.identity.backends.ldap.Identity
>>> 
>>> It seems that keystone LDAP requires role nodes the children of tenant nodes. But FreeIPA has a flat structure.
>>> 
>>> --
>>> 邱剑
>>> 美团网技术部系统运维组 - 系统工程师
>>> 手机：1381129925
>>> 邮件：qiujian at meituan.com
>>> 
>>> On Sep 22, 2012, at 12:27 PM, 邱剑 wrote:
>>> 
>>>> Hi, 
>>>> 
>>>> I was working on using LDAP of FreeIP as backend of Keystone.
>>>> 
>>>> User and tenants information can be fetched from LDAP. However, I could not figure out how to assign roles to users in specific tenants. I'm wondering whether someone can help?
>>>> 
>>>> I noticed that Mr. Adam Young had post a blog about this topic:
>>>> 
>>>> http://adam.younglogic.com/2012/09/ldaps-against-a-freeipa-server/
>>>> 
>>>> However, it did not show how to import roles in LDAP. I'm wondering whether there is any progress about this?
>>>> 
>>>> Many thanks.
>>>> 
>>>> keystone in use was the latest master branch on github on Sep 21, 2012.
>>>> 
>>>> 
>>>> Jian Qiu
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~openstack
>>>> Post to     : openstack at lists.launchpad.net
>>>> Unsubscribe : https://launchpad.net/~openstack
>>>> More help   : https://help.launchpad.net/ListHelp
>>> 
>>> 
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack at lists.launchpad.net
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Huang Shuquan （黄舒泉）
>>> Software Institute of Nanjing University Nanjing, P.R.China
>>> Mobile: 86 137 7086 4433
>>> 
>> 
>> 
>> 
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120925/c9debe16/attachment.html>