I was able to get Keystone to talk to my LDAP and I am able to log in to the dashboard with an admin AD user in LDAP. That works fine and great. BTW, this is on Havana.

When I go to add a user to a project/tenant on the dashboard I get the pinwheel of death. After many minutes (15+ if not longer) a simple error pops up saying that it cannot be done.

The problem is my LDAP system has close to 110,000 users in the user sub OU. When I did a simple keystone user-list at the command line, the output was all of my LDAP users, and I mean all 110,000 users.

What I see in the logs when I try to click modify users is every user being validated and then checked to see if they're in a role, then on and on and on and on. I am also thinking it is caching the username to give me the list to add to a project.

I am using the assignment field in Keystone to track AD users assigned to a role or project, and yes, adding users from the command line is fast and works great. I need the dashboard to work for the Tier 1 people who will run this system for me down the line. Giving them CLI access to a Linux box is a little bit too extreme.

What really needs to happen is not to list all users in LDAP but just those assignments already made in the SQL system. For adding new users that are in LDAP, then just a simple search, or if I know the user's name, place and check.

Looking for advice or a setting that I overlooked.

I did make all the changes in the dashboard config files that are stated on all the pages I found with Google.

There is an option to filter the user list if you do not need to give all 110,000 users access to the cloud. See http://docs.openstack.org/grizzly/ope... for some examples.

We use this at CERN so that users can self-service sign up to the cloud service and this keeps the list to a more manageable size.

This worked 100%, thank you so much. FYI, for those of you looking for this for Havana, it is in the cloud admin guide. Also, I notice it will not read a group in a group, only the users in the group. Need to look at this.
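
As an added illustration (not from the posts above or the linked guide): in `keystone.conf`, the `[ldap]` section's `user_filter` option restricts which directory entries Keystone treats as users. The DNs below are constructed placeholders, and the commented-out second form assumes Active Directory, whose in-chain matching rule also resolves membership through nested groups.

```ini
[ldap]
# Constructed placeholder DNs; substitute your own directory layout.
user_tree_dn = OU=Users,DC=example,DC=org

# Only direct members of this one group are visible to Keystone as users,
# so user listings no longer walk the whole user OU.
user_filter = (memberOf=CN=cloud-users,OU=Groups,DC=example,DC=org)

# Active Directory only: LDAP_MATCHING_RULE_IN_CHAIN also matches users who
# are members through nested groups (a group inside cloud-users).
# It is evaluated on the directory server and can be slow on large trees.
# user_filter = (memberOf:1.2.840.113556.1.4.1941:=CN=cloud-users,OU=Groups,DC=example,DC=org)
```

Keeping cloud access tied to membership of a single directory group also means removing someone from that group removes them from Keystone's user list.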

