As I understand it, within an icehouse implementation of keystone when utilising a single LDAP server as the assignment backend, only one Domain (default) is supported. I believe there are plans to extend this ability in Juno but to what extent? Can anyone hint at the direction being taken? For example will keystone support a Domain' organizational unit' in the LDAP schema ? Many Thanks Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140423/58e1a6f2/attachment.html>