On Mon, Nov 18, 2013 at 6:51 AM, Adam Young <ayo...@redhat.com> wrote:
> > > ADMIN Token does no authentication against the back end. It is a > bootstrap method for setting up Keystone, nothing else. It should be > disabled as soon as you can authenticate via AD. > > I don't think you have successfully authenticated against AD. > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Our AD server does not allow anonymous browse so I am sure that when ADMIN token is used it is binding (authenticating) as the bind user mentioned in keystone configuration file and is able to show the user list. What I don't understand is that when I am using the same user in keystonerc file it is not working , and I beleive it is somehow looking for projects and tenant information in AD , even though the assignment driver is pointing to sql as the backend.
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
