Security of Keystone with LDAP/AD
Hello everyone,
I'm new to OpenStack and my task was to integrate an existing Active Directory into Keystone.
With the description from Red Hat,
https://access.redhat.com/documentation/en/red-hat-openstack-platform/8/integrate-with-identity-service/chapter-1-active-directory-integration
I was successful, but there are now some open questions and I hope somebody can explain them or point me to a site where I can find the answers.
- First, I want to know how exactly OpenStack gets the information from the AD and why I have to set one user with name and password.
- Second, why do I have to copy the certificate from the AD server to the OpenStack server and why do I have to trust it? Is there no automatic function for this?
- Finally, does an exact description of the security function (e.g. SSL) between the AD and OpenStack exist anywhere? I want to know how the authentication works.
Thanks in advance and best regards, Daniel
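The questions above concern the bind account and the TLS trust settings in Keystone's `[ldap]` section. The following is an added example, not code from the post or from Keystone: a small checker that reads a Keystone domain config of the kind the Red Hat guide has you write and flags the transport and certificate-verification settings a reviewer would look at. The option names (`url`, `user`, `password`, `use_tls`, `tls_cacertfile`, `tls_cacertdir`, `tls_req_cert`) are Keystone's real `[ldap]` options; the hostnames, DNs, file path and both sample configs are constructed for the example.

```python
"""Checker for the TLS-related settings of a Keystone [ldap] section.

Added example; not part of the original post or of Keystone itself.
Only the standard library is used and the configs are inline strings,
so it runs offline.
"""
import configparser
from typing import List

# Constructed sample: hostname, DNs and path are invented. It follows the
# [ldap] layout Keystone reads; the weak TLS values are deliberate. Keystone
# binds with `user`/`password` (a service account) to search the directory
# and then binds a second time as the found user DN with the login password.
WEAK_CONF = """\
[ldap]
url = ldap://addc.example.internal
user = CN=svc-keystone,OU=Service Accounts,DC=example,DC=internal
password = <service-account-password>
suffix = DC=example,DC=internal
user_tree_dn = OU=Users,DC=example,DC=internal
user_objectclass = person
user_id_attribute = sAMAccountName
user_name_attribute = sAMAccountName
use_tls = True
tls_req_cert = allow
"""

# Same section with the settings a production deployment should carry:
# ldaps:// on 636, the AD CA copied to the Keystone host, strict verification.
HARDENED_CONF = """\
[ldap]
url = ldaps://addc.example.internal:636
user = CN=svc-keystone,OU=Service Accounts,DC=example,DC=internal
password = <service-account-password>
suffix = DC=example,DC=internal
user_tree_dn = OU=Users,DC=example,DC=internal
user_objectclass = person
user_id_attribute = sAMAccountName
user_name_attribute = sAMAccountName
use_tls = False
tls_cacertfile = /etc/keystone/domains/ad-root-ca.crt
tls_req_cert = demand
"""


def _load(conf_text: str) -> configparser.SectionProxy:
    # interpolation=None so a '%' in the service-account password is not mangled
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return parser["ldap"]


def transport_is_encrypted(conf_text: str) -> bool:
    """True when Keystone will reach the directory over TLS (ldaps:// or STARTTLS)."""
    ldap = _load(conf_text)
    url = ldap.get("url", "")
    return url.startswith("ldaps://") or ldap.getboolean("use_tls", fallback=False)


def check_ldap_section(conf_text: str) -> List[str]:
    """Return a list of findings; an empty list means no weak transport setting was seen."""
    ldap = _load(conf_text)
    findings: List[str] = []
    url = ldap.get("url", "")
    use_tls = ldap.getboolean("use_tls", fallback=False)
    # Keystone's default for tls_req_cert is "demand" (verify the server certificate)
    req_cert = ldap.get("tls_req_cert", "demand").strip().lower()
    has_ca = bool(ldap.get("tls_cacertfile", "")) or bool(ldap.get("tls_cacertdir", ""))

    if not url:
        findings.append("url is missing")
        return findings
    if url.startswith("ldaps://") and use_tls:
        findings.append("ldaps:// with use_tls=True: STARTTLS would be attempted on a port that already speaks TLS; use one or the other")
    if url.startswith("ldap://") and not use_tls:
        findings.append("plaintext LDAP: the service-account password and every user's login password cross the network unencrypted")
    if transport_is_encrypted(conf_text):
        if req_cert != "demand":
            findings.append(f"tls_req_cert={req_cert}: the AD certificate is not verified, so Keystone would hand the bind credentials to any host answering on that name")
        if not has_ca:
            findings.append("no tls_cacertfile/tls_cacertdir: verification relies on the system trust store, which does not contain an internal AD CA unless it was imported")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, check_ldap_section(conf) or "no findings")
```

The copied certificate answers the second question in practice: `tls_req_cert = demand` is only meaningful when Keystone has a trust anchor for the AD certificate chain, and an internal AD CA is not in the host's default store, which is why the guide has you place the CA file on the Keystone host and point `tls_cacertfile` at it.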