Just for the record, they are watching us! :-O

https://aws.amazon.com/blogs/aws/new-aws-directory-service/

Best!
Thiago

On 16 August 2014 16:03, Martinx - ジェームズ <thiagocmarti...@gmail.com> wrote:

> Hey Stackers,
>
> I'm wondering here... Samba4 is pretty solid (upcoming 4.2 rocks), I'm
> using it on a daily basis as an AD DC controller, for both Windows and
> Linux Instances! With replication, file system ACLs - cifs, built-in LDAP,
> dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool!
>
> In OpenStack ecosystem, there are awesome solutions like Trove, Solum,
> Designate and etc... Amazing times BTW! So, why not try to integrate
> Samba4, working as an AD DC, within OpenStack itself?!
>
> If yes, then, what is the best way/approach to achieve this?!
>
> I mean, for SQL, we have Trove, for iSCSI, Cinder, Nova uses Libvirt...
> Don't you guys think that it is time to have an OpenStack project for LDAP
> too? And since Samba4 comes with it, plus DNS, AD, Kerberos and etc, I think
> that it will be huge if we manage to integrate it with OpenStack.
>
> I think that it would be nice to have, for example: domains, users and
> groups management at Horizon, and each tenant with its own "Administrator"
> (not the Keystone "global" admin) (to manage its Samba4 domains), so, they
> will be able to fully manage their own account, while allowing Keystone to
> authenticate against these users...
>
> Also, maybe Designate can have support for it too! I don't know for
> sure...
>
> Today, I'm doing this "Samba integration" manually, I have an "external"
> Samba4, from OpenStack's point of view, then, each tenant/project has its
> own DNS domains, when an instance boots up, I just need to do something like
> this (bootstrap):
>
> --
> echo "127.0.1.1 instance-1.tenant-1.domain-1.com instance-1" >> /etc/hosts
> net ads join -U administrator
> --
>
> To make this work, the instance just needs to use Samba4 AD DC as its
> Name Servers, configured at its /etc/resolv.conf, "delivered by DHCP
> Agent". The packages `samba-common-bin` and `krb5-user` are also required.
> Including a ready-to-use smb.conf file.
>
> Then, "ping instance-1.tenant-1.domain-1.com" worldwide! It works for
> both IPv4 and IPv6!!
>
> Also, Samba4 works okay with Disjoint Namespaces
> <http://technet.microsoft.com/en-us/library/cc731929(v=ws.10).aspx>, so,
> each tenant can have one or more domains and subdomains! Like
> "*.realm.domain.com, *.domain.com, *.cloud-net-1.domain.com,
> *.domain2.com"... All dynamically managed by Samba4 and Bind9!
>
> What about that?!
>
> Cheers!
> Thiago
>
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev