Jasper Are you alluding to the hybrid drivers as discussed & avail via http://www.mattfischer.com/blog/?tag=openstack-2
~Mike. On Thu, May 1, 2014 at 11:17 PM, Lillie Ross-CDSR11 < [email protected]> wrote: > I’ve been playing with using LDAP authentication (identity) and SQL > authorization (assignment) within Keystone in the current devstack release > running in a single VM. > > The problem with this setup, as I understand it, is the need to have > LDAP entries for each service user (i.e. nova, glance, etc.). In our > environment, this isn’t possible as our corporate LDAP directory is solely > for employee records. While I could work around this issue by running each > service under a known LDAP employee record - this seems rather a kludge to > me. > > My question is, and admittedly I’m not well versed in directory > federation, is this an issue that could be resolved once directory > federation is stable in the next Openstack release? Where, for instance, > all of the openstack service accounts could remain in a separate directory > service controlled solely by the cloud owner/admin, while user’s could then > be authenticated via the corporate employee LDAP database? > > We’d love to use LDAP to authenticate cloud user’s, but with the need to > also authenticate openstack services against the same LDAP backend makes > the use of LDAP unviable in our environment. > > This has probably been discussed previously, but any insight would be > helpful. > > Thanks and regards, > Ross > -- > Ross Lillie > Distinguished Member of Technical Staff > Motorola Solutions, Inc. > > motorolasolutions.com > O: +1.847.576.0012 > M: +1.847.980.2241 > E: [email protected] > > > > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
