Is seperate role authorization and user auth possible with multi domain backend?

asked 2015-01-21 07:58:13 -0600

zsolt-krenak gravatar image

Hi Everyone!

Since the Juno release Keystone is able to use multi domain identity backend:

Is it possible to setup an LDAP backend for normal user authentication, the SQL backend for service user auth(not just for openstack service users but like for Cloudfy or BOSH etc..), and use the SQL backend for role authoriztaion for both domains?

The only thing is making me unsure about this, is that the docmentation says there can be only one domain with sql backend, and multiple domain with multiple ldap backends.

Thanks for any help!

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-01-21 11:25:13 -0600

updated 2015-01-21 12:06:01 -0600

Yes. That is possible

Update 1: There is no trick. Just make sure you use LDAP only for identity and not for assignment driver

edit flag offensive delete link more


Thanks! Is there any special trick about it?

zsolt-krenak gravatar imagezsolt-krenak ( 2015-01-21 11:45:18 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-01-21 07:58:13 -0600

Seen: 205 times

Last updated: Jan 21 '15