On 24 July 2015 at 14:50, Steve Martinelli <[email protected]> wrote: > The LDAP driver for identity shouldn't require write access to look up > groups. It'll only require write access if you want to allow Keystone to > create/delete/update new groups. > Not sure what you mean by "requires an LDAP admin to set up groups > separately" either. Have any more details you can share?
Hi Steve Assuming LDAP access is read-only, group info would need to be set up in the LDAP server itself prior to keystone accessing it. This is not something that many large corporations would be willing to accommodate, which means you'd need to get group data from elsewhere. Hence, my suggestion! __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
