Ask Your Question
0

Determining subtrees for Keystone LDAP integration

asked 2012-02-14 08:13:45 -0500

gucluakkaya gravatar image

Hi,

I am trying to use our existing user database for keystone. Since the schemas are not the same, i tried to levarage from LDAP by matching a predefined keystone schema with existing database schema using back-sql. So for i am successful at integration keystone with OpenLDAP server (ver 2.4.23) using a MySQL database as backend. However during investigating the code for keystone ldap integration i realize that on the ldap side two sub trees ou=Groups,dc=example,dc=com and ou=User,dc=example,dc=com must be defined. However i want to keystone to look for sub trees under the domain that i defined myself. I know that this a configuration issue in the keystone.conf for the ldap backend part. Can you show me a sample configuration which uses values for LDAP dn s defined by the user?

Thanks

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2012-02-19 20:21:38 -0500

heckj gravatar image

Fatih,

Adam Young is re-implementing the LDAP support for the new baseline of keystone that just landed, and is documenting some of this thought work at http://adam.younglogic.com/2012/02/openstack-keystone-ldap-redux/ (http://adam.younglogic.com/2012/02/op...) for the implementation he's planning on landing in the very near future. I'd suggest taking a look at it to see if that re-implementation answers your question.

-joe

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-02-14 08:13:45 -0500

Seen: 92 times

Last updated: Feb 19 '12