I think you need the attribute mapping functionality that is currently being specified here https://review.openstack.org/#/c/51980/ The API says how to set up the mappings (though currently not how to apply them. This will be an internal method in the first instance.) It is designed for situations like the one you mention when externally assigned attributes are different to the ones used by Keystone regards David On 23/10/2013 23:35, Colin Leavett-Brown wrote: > The havana configuration reference contains a section on how to > configure keystone to accept x.509 certificates. How does one map x.509 > credentials to keystone IDs, projects, roles and privileges? > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack