[Openstack] [Keystone] Leverage an existing (non-KS) DB?

Matt Griffin matt.griffin at percona.com
Wed Apr 23 18:58:36 UTC 2014 

Perhaps Percona Server's PAM plug-in might save you some time.
http://www.percona.com/doc/percona-server/5.6/management/pam_plugin.html

Plus you'd probably get a performance gain over MySQL Community Edition.

Best,
Matt Griffin




On Tue, Apr 22, 2014 at 10:42 PM, Adam Young <ayoung at redhat.com> wrote:

>  On 04/21/2014 02:28 PM, Adam Lawson wrote:
>
> Crap, hit send half-way through. Let's try this again...
>
>  Can Keystone work with a non-KS database for authentication and
> authorization via API? There is an existing SQL database of
> users/passwords/roles etc supporting an existing cloud and I'm being asked
> to research the options how to introduce Keystone with read-only access.
> Finding options on how this might happen has been challenging.
>
> The bad news: You will have to write your own backend.
> The Good News:  you don't need to implement a lot. All you need is the
> code to get users and groups.
>
>
> Take a look at the existing SQL backend and chop out anything that
> actually writes to the DB.  Code is here:
>
>
> http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py
>
>
>  Basically, they have a cloud with S3 object storage but want to move
> towards Swift + Keystone but continue using their existing database as the
> hub of all things related to credentials and authorizations. I figure
> Keystone can connect to a foreign SQL DB if the values were mapped
> correctly, but I don't know where this has been done prior. Thoughts?
>
>  Mahalo,
> Adam
>
>
> * Adam Lawson*
>  AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (844) 4-AQORN-NOW
> Direct: +1 (302) 268-6914
>
>
>
> On Mon, Apr 21, 2014 at 11:18 AM, Adam Lawson <alawson at aqorn.com> wrote:
>
>> Small q company has a custom database with user/pass's scraped from LDAP
>> with some existing cloud concoction, Is there a straight forward way for
>> Keystone to use that database for authorization and authentication with
>> minimal development/re-tooling? Is there a good starting point to create an
>> API to use that database?
>>
>>
>> * Adam Lawson*
>>  AQORN, Inc.
>> 427 North Tatnall Street
>> Ste. 58461
>> Wilmington, Delaware 19801-2230
>> Toll-free: (844) 4-AQORN-NOW
>> Direct: +1 (302) 268-6914
>>
>>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140423/557cc6c5/attachment.html>

More information about the Openstack mailing list