How does one tie Keystone into Active Directory LDAP?

asked 2014-07-11 15:10:08 -0500

anonymous user

Hello. I'm working on deploying a small test instance of Icehouse and find the documentation for tying into Active Directory to be a bit sparse. (I'm used to setting up AD integration using group mapping on apps like Splunk where there is a nice simple web wizard...)

I have three main questions:

  • Can we use AD groups rather than OUs to hold users, tenants etc? The docs only discuss OUs: http://docs.openstack.org/admin-guide...
  • Can we use a mix of local accounts (e.g., keystonerc 'admin') and LDAP once the LDAP Identity driver is configured? Every time I try to enable the driver now my 'admin' account stops working.
  • Could we use LDAP just for authenticating AD users and use the sql driver for all tenant, role, etc assignments?

Thanks!


Comments

Please read the FAQ before posting: for this site one question at a time is encouraged. I think you can rephrase your question like "is it possible to mix SQL and LDAP auth backends" so that it is "one" question and your 3 points are an explanation.

smaffulli ( 2014-07-11 16:28:05 -0500 )