Ask Your Question

Why is LDAP as an assignment back end for Keystone not recommended

asked 2015-06-03 05:13:41 -0500

JonathanBarber gravatar image

updated 2015-06-03 07:23:14 -0500

SGPJ gravatar image

The OpenStack Cloud Administrator Guide in the section "Integrate assignment back end with LDAP" [1] notes that:

Using LDAP as an assignment back end is not recommended.

What is the basis for this recommendation?


edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2015-06-17 10:01:17 -0500

JonathanBarber gravatar image

The original author of this line (Rico Lin) was kind enough to respond to my question asking about this issue. Paraphrasing his response - after discussion by the Keystone team, the reason for not recommending it is because LDAP was considered as a light-weight process which isn't suitable for the load that the assignment role would place on it.

As @august pointed out, LDAP as an assignment backed is now deprecated, the following email in the thread gives more information as to why:

Basically, no one appeared to be using it and the LDAP assignment backend wasn't keeping up with the features being added to the SQL assignment backend.

edit flag offensive delete link more

answered 2015-06-12 08:10:36 -0500

august gravatar image

I was wondering this too ... and i found this thread: It's a few months back - but I'm assuming still accurate?

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2015-06-03 05:13:41 -0500

Seen: 321 times

Last updated: Jun 17 '15