On 29/01/15 12:03, Steven Hardy wrote:
On Thu, Jan 29, 2015 at 11:41:36AM -0500, Zane Bitter wrote:
>IIUC keystone now allows you to add users to a domain that is otherwise
>backed by a read-only backend (i.e. LDAP). If this means that it's now
>possible to configure a cloud so that one need not be an admin to create
>users then I think it would be a really useful thing to expose in Heat. Does
>anyone know if that's the case?

I've not heard of that feature, but it's definitely now possible to
configure per-domain backends, so for example you could have the "heat"
domain backed by SQL and other domains containing real human users backed
by a read-only directory.

http://adam.younglogic.com/2014/08/getting-service-users-out-of-ldap/


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to