Hello everyone,

I'm new in OpenStack and my task was to integrate an existing Active Directory into Keystone.

With the description from Red Hat,

https://access.redhat.com/documentation/en/red-hat-openstack-platform/8/integrate-with-identity-service/chapter-1-active-directory-integration (https://access.redhat.com/documentati...)

I was successfully but there are now some open questions and I hope somebody can explain it or give me a site where I can find it out.

1. First I want to know how exactly OpenStack gets the Information from the AD and why I have to set one user with name and password.
2. Second, why do I have to copy the certificate from the AD Server to the OpenStack Server and why I have to trust them? Does it not give an automatically function for this?
3. Finally, does an exact description of the security (ssl for e.g.) function between the AD and OpenStack exist anywhere? I want to know how the authentication works.

Thanks in advance and best regards, Daniel