Password authentication through LDAP

Hi all, hoping for a bit of direction please.

I've been researching using OpenStack with LDAP for months and I feel like I'm not any closer to understanding it than when I started, and I've read many webpages explaining it. Admittedly I am significantly unfamiliar with the topic.

I am using Newton, which by default has OS_IDENTITY_API_VERSION="3".

My vision is what I think is a very minor integration of LDAP with OpenStack: when a user tries to log in to Horizon, his password is authenticated with our corporate LDAP server (so he can use the same password he uses for every other app and network resource).

After reading a bit I see now how that user authentication is not used only for Horizon login but for group membership and roles and project, etc. What I fear is all these will need to be defined on the LDAP server for each user. I don't have control of that server.

I don't mind managing a user/group/role/project list local to OpenStack, like default. I just want a user's password to be checked via LDAP, when logging into Horizon specifically, and if needed whenever this user needs to execute something in the OpenStack environment.

Am I way off in my expectation here? Please educate me.