Ask Your Question

Determining subtrees for Keystone LDAP integration

asked 2012-02-14 08:13:45 -0500

gucluakkaya gravatar image


I am trying to use our existing user database for keystone. Since the schemas are not the same, i tried to levarage from LDAP by matching a predefined keystone schema with existing database schema using back-sql. So for i am successful at integration keystone with OpenLDAP server (ver 2.4.23) using a MySQL database as backend. However during investigating the code for keystone ldap integration i realize that on the ldap side two sub trees ou=Groups,dc=example,dc=com and ou=User,dc=example,dc=com must be defined. However i want to keystone to look for sub trees under the domain that i defined myself. I know that this a configuration issue in the keystone.conf for the ldap backend part. Can you show me a sample configuration which uses values for LDAP dn s defined by the user?


edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2012-02-19 20:21:38 -0500

heckj gravatar image


Adam Young is re-implementing the LDAP support for the new baseline of keystone that just landed, and is documenting some of this thought work at ( for the implementation he's planning on landing in the very near future. I'd suggest taking a look at it to see if that re-implementation answers your question.


edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2012-02-14 08:13:45 -0500

Seen: 98 times

Last updated: Feb 19 '12