Revision history [back]

Assignments:

  • Projects
  • Roles
  • Role Assignments
  • Domains

Identity:

  • Users
  • Groups
  • Group Assignments

To have separate backends between the two, the following options in keystone.conf would work

[identity]
driver = keystone.identity.backends.ldap.Identity

[assignment]
driver = keystone.assignment.backends.sql.Assignment

Source: http://adam.younglogic.com/2013/10/read-only-ldap-in-keystone/