Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

The original author of this line (Rico Lin) was kind enough to respond to my question asking about this issue. Paraphrasing his response - after discussion by the Keystone team, the reason for not recommending it is because LDAP was considered as a light-weight process which isn't suitable for the load that the assignment role would place on it.

As @august pointed out, LDAP as an assignment backed is now deprecated, the following email in the thread gives more information as to why: http://lists.openstack.org/pipermail/openstack-dev/2015-January/055684.html

Basically, no one appeared to be using it and the LDAP assignment backend wasn't keeping up with the features being added to the SQL assignment backend.