Ask Your Question

keystone active directory integration and domains?

asked 2016-09-26 22:23:43 -0500

anonymous user


updated 2016-09-26 22:26:58 -0500

Does anyone have any experience with AD - Keystone integration using keystone domains? We are integrating OpenStack keystone into an enterprise with hundreds of thousands of employees. Has anyone had issues with keystone domains or concerns? I know a user can only be in one domain. . . Are there other concerns? Other than being able to delegate some administrative functions are there benefits of using multi-domains in keystone?

Anything you might share is helpful.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2017-02-09 16:43:21 -0500

tgehrke gravatar image

Problem was solved by using a single non-default domain for the AD integration. The default domain was maintained but only used for administrative tasks. The default domain still authenticates with basic keystone username and passwords

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-09-26 22:23:43 -0500

Seen: 131 times

Last updated: Feb 09 '17