Revision history [back]

click to hide/show revision 1
initial version

LDAP support in devstack

Hello, I've installed an openstack development environment thanks to devstack and I wanted to use LDAP with it. To do that, I've added these lines in my localrc file:

enable_service ldap
KEYSTONE_CLEAR_LDAP=yes
KEYSTONE_IDENTITY_BACKEND=ldap

In my keystone.conf, I have the pleasure to see these settings:

[identity]
driver = keystone.identity.backends.ldap.Identity
[ldap]
user_tree_dn = ou=Users,dc=openstack,dc=org
user_domain_id_attribute = businessCategory
tenant_tree_dn = ou=Projects,dc=openstack,dc=org
tenant_desc_attribute = description
tenant_domain_id_attribute = businessCategory
tenant_attribute_ignore = enabled
user_attribute_ignore = enabled,email,tenants,default_project_id
use_dumb_member = True
suffix = dc=openstack,dc=org
user = dc=Manager,dc=openstack,dc=org
password = pass

I can see the different entries: Projects, Roles, Users, UserGroups.

Adding an user via horizon adds an entry in Users. However, adding Roles or Projects add entries in the sql database.

Does devstack support LDAP for all the four features or is my configuration file wrong ?

LDAP support in devstack

Hello, I've installed an openstack development environment thanks to devstack and I wanted to use LDAP with it. To do that, I've added these lines in my localrc file:

enable_service ldap
KEYSTONE_CLEAR_LDAP=yes
KEYSTONE_IDENTITY_BACKEND=ldap

In my keystone.conf, I have the pleasure to see these settings:

[identity]
driver = keystone.identity.backends.ldap.Identity
[ldap]
user_tree_dn = ou=Users,dc=openstack,dc=org
user_domain_id_attribute = businessCategory
tenant_tree_dn = ou=Projects,dc=openstack,dc=org
tenant_desc_attribute = description
tenant_domain_id_attribute = businessCategory
tenant_attribute_ignore = enabled
user_attribute_ignore = enabled,email,tenants,default_project_id
use_dumb_member = True
suffix = dc=openstack,dc=org
user = dc=Manager,dc=openstack,dc=org
password = pass

I can see the different entries: Projects, Roles, Users, UserGroups.

Adding an user via horizon adds an entry in Users. However, adding Roles or Projects add entries in the sql database.

Does devstack support LDAP for all the four features or is my configuration file wrong ?

How to manage Roles, Projects via LDAP support in devstackand devstack?

Hello, I've installed an openstack development environment thanks to devstack and I wanted to use LDAP with it. To do that, I've added these lines in my localrc file:

enable_service ldap
KEYSTONE_CLEAR_LDAP=yes
KEYSTONE_IDENTITY_BACKEND=ldap

In my keystone.conf, I have the pleasure to see these settings:

[identity]
driver = keystone.identity.backends.ldap.Identity
[ldap]
user_tree_dn = ou=Users,dc=openstack,dc=org
user_domain_id_attribute = businessCategory
tenant_tree_dn = ou=Projects,dc=openstack,dc=org
tenant_desc_attribute = description
tenant_domain_id_attribute = businessCategory
tenant_attribute_ignore = enabled
user_attribute_ignore = enabled,email,tenants,default_project_id
use_dumb_member = True
suffix = dc=openstack,dc=org
user = dc=Manager,dc=openstack,dc=org
password = pass

I can see the different entries: Projects, Roles, Users, UserGroups.

Adding an user via horizon adds an entry in Users. However, adding Roles or Projects add entries in the sql database.

Does devstack support LDAP for all the four features or is my configuration file wrong ?