Oh ok so in this case how does the Active Directory user gets a id , and
how do you map the user to a role? Is there any example you can point me
to?


On Wed, Nov 13, 2013 at 11:24 AM, Dolph Mathews <dolph.math...@gmail.com>wrote:

> Yes, that's the preferred approach in Havana: Users and Groups via LDAP,
> and everything else via SQL.
>
>
> On Wednesday, November 13, 2013, Avi L wrote:
>
>> Hi,
>>
>> I understand that the LDAP provider in keystone can be used for
>> authenticating a user (i.e validate username and password) , and it also
>> authorize it against roles and tenant. However this requires AD schema
>> modification. Is it possible to use AD only for authentication and then use
>> keystone's native database for roles and tenant lookup? The advantage is
>> that then we don't need to touch the enterprise AD installation.
>>
>> Thanks
>> Al
>>
>
>
> --
>
> -Dolph
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to