On 04/23/2014 01:54 PM, Michael Hearn wrote:
> As I understand it, within an Icehouse implementation of keystone
> when utilising a single LDAP server as the assignment backend, only
> one Domain (default) is supported.
>
> I believe there are plans to extend this ability in Juno but to what
> extent? Can anyone hint at the direction being taken? For example
> will keystone support a Domain 'organizational unit' in the LDAP schema?

The idea is that each Domain will live in a separate subtree, which is potentially in a different LDAP server. There is a start of this from the Horizon timeframe, but issues with deconflicting UserIDs between multiple LDAP servers, or even different SAML sources in the Federation case, meant that we had to take a step back. Dealing with the ID issue is an hour-long session at the OpenStack Design summit.

>
> Many Thanks
> Mike