Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Determining subtrees for Keystone LDAP integration


I am trying to use our existing user database for keystone. Since the schemas are not the same, i tried to levarage from LDAP by matching a predefined keystone schema with existing database schema using back-sql. So for i am successful at integration keystone with OpenLDAP server (ver 2.4.23) using a MySQL database as backend. However during investigating the code for keystone ldap integration i realize that on the ldap side two sub trees ou=Groups,dc=example,dc=com and ou=User,dc=example,dc=com must be defined. However i want to keystone to look for sub trees under the domain that i defined myself. I know that this a configuration issue in the keystone.conf for the ldap backend part. Can you show me a sample configuration which uses values for LDAP dn s defined by the user?