Re: [Openstack] [Keystone] Need feedback on how to fix keystone ldap domain support for Grizzly; are you using keystone ldap with multiple domains?

2013-05-07 Thread Brad Topol
Hi Folks, The current implementation of Keystone's domain support when using LDAP as a backend is broken in the read-only case for Grizzly. This is because Keystone in Grizzly assumes it can create a default domain, which is not possible for many read-only LDAPs. We are trying to backport a

Re: [Openstack] [Keystone] Need feedback on how to fix keystone ldap domain support for Grizzly; are you using keystone ldap with multiple domains?

2013-05-07 Thread Aaron Knister
Hi Brad, FWIW, I'm using AD as the LDAP backend and was using the msSFU30NisDomain attribute for the domain_id mapping. I'm now leveraging some OpenLDAP overlay magic instead, but I digress. I could see value for us in being able to leverage a domain_id stored in LDAP, although admittedly we