Oh ok so in this case how does the Active Directory user gets a id , and how do you map the user to a role? Is there any example you can point me to?
On Wed, Nov 13, 2013 at 11:24 AM, Dolph Mathews <[email protected]>wrote: > Yes, that's the preferred approach in Havana: Users and Groups via LDAP, > and everything else via SQL. > > > On Wednesday, November 13, 2013, Avi L wrote: > >> Hi, >> >> I understand that the LDAP provider in keystone can be used for >> authenticating a user (i.e validate username and password) , and it also >> authorize it against roles and tenant. However this requires AD schema >> modification. Is it possible to use AD only for authentication and then use >> keystone's native database for roles and tenant lookup? The advantage is >> that then we don't need to touch the enterprise AD installation. >> >> Thanks >> Al >> > > > -- > > -Dolph > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
