Ask Your Question
1

Why is LDAP as an assignment back end for Keystone not recommended

asked 2015-06-03 05:13:41 -0500

JonathanBarber gravatar image

updated 2015-06-03 07:23:14 -0500

SGPJ gravatar image

The OpenStack Cloud Administrator Guide in the section "Integrate assignment back end with LDAP" [1] notes that:

Using LDAP as an assignment back end is not recommended.

What is the basis for this recommendation?

[1][link]( http://docs.openstack.org/admin-guide...)

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
2

answered 2015-06-17 10:01:17 -0500

JonathanBarber gravatar image

The original author of this line (Rico Lin) was kind enough to respond to my question asking about this issue. Paraphrasing his response - after discussion by the Keystone team, the reason for not recommending it is because LDAP was considered as a light-weight process which isn't suitable for the load that the assignment role would place on it.

As @august pointed out, LDAP as an assignment backed is now deprecated, the following email in the thread gives more information as to why: http://lists.openstack.org/pipermail/...

Basically, no one appeared to be using it and the LDAP assignment backend wasn't keeping up with the features being added to the SQL assignment backend.

edit flag offensive delete link more
0

answered 2015-06-12 08:10:36 -0500

august gravatar image

I was wondering this too ... and i found this thread: http://www.gossamer-threads.com/lists... It's a few months back - but I'm assuming still accurate?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

Stats

Asked: 2015-06-03 05:13:41 -0500

Seen: 256 times

Last updated: Jun 17 '15