Ask Your Question

Mirantis 9 LDAP integration Microsoft Active Directory (AD)

asked 2016-08-19 10:02:05 -0500

bmaltais gravatar image

updated 2016-08-19 10:25:08 -0500

I am opening this question in the hope it will help others properly interface with MS AD for user authentication.

Essentially I wanted to install the LDAP Plugin v3.0.0 on Fuel 9 and then deploy a new environment with LDAP Integration so I could manage Openstack users in AD and assign them to Projects in Openstack.

I will provide the solution in the Answer section.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-08-19 10:13:32 -0500

bmaltais gravatar image

updated 2016-08-19 10:15:35 -0500

OK. So the solution is this. You need to configure the LDAP Plugin in the "Settings" - "Other" section. I used a non encrypted implementation of LDAP in my lab so this is why I point to port 389. My AD domain is so all the answer below will reflect that. Adjust as you need. My read only ldap account in AD is "ldap ro". Your's will probably be different (or you need to create one if you don't have one). I put all the users I want to give access to openstack in an AD group called "openlab":

Domain name: mgmt
LDAP URL: ldap://<IP of MS AD>:389
LDAP Proxy: None
Use TLS: Nope
CA Chain: Leave blank
LDAP Suffix: DC=mgmt,DC=ssclab,DC=com
LDAP User: CN=ldap ro,CN=Users,DC=mgmt,DC=ssclab,DC=com
LDAP User Password: some super secure password ;-)
LDAP Query Scope: Sub
Users Tree DN: CN=Users,DC=mgmt,DC=ssclab,DC=com
User Filter: (memberOf=CN=openlab,CN=Users,DC=mgmt,DC=ssclab,DC=com)
User Object Class: person
User ID Attribute: sAMAccountName
User Name Attribute: sAMAccountName
User Password Attribute: Leave blank
User Enabled/Disabled Attribute: userAccountControl
Groups Tree DN: Leave blank
Group Filter: Leave blank
Group Object Class: Leave blank
Group ID Attribute: Leave blank
Group Name Attribute: Leave blank
Group Member Attribute: Leave blank
Group description Attribute: Leave blank
Page Size Attribute: 0
Chase referrals Attribute: False
List of additional Domains: Leave blank
List of custom LDAP proxy configs: Leave blank

Hope this help you get going. Took me hours to figure our what was needed.

edit flag offensive delete link more


Thx for sharing

KayBaBa gravatar imageKayBaBa ( 2017-06-26 01:54:00 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2016-08-19 10:02:05 -0500

Seen: 327 times

Last updated: Aug 19 '16