Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-26 Thread Julian Edwards
On 25 July 2015 at 04:02, Adam Young wrote: > This has come up numerous times, as I am sure you are now aware by reading > the rest of the thread. Yes indeed :) I was thinking as I wrote it that I can't be the first person with this question. However I think Daviey has shown me that I was misun

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Matt Fischer
On Fri, Jul 24, 2015 at 12:02 PM, Adam Young wrote: > On 07/24/2015 12:00 AM, Julian Edwards wrote: > >> Hello, >> >> I am relatively new to OpenStack and Keystone so please forgive me any >> crazy misunderstandings here. >> >> One of the problems with the existing LDAP Identity driver that I see

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Adam Young
On 07/24/2015 12:00 AM, Julian Edwards wrote: Hello, I am relatively new to OpenStack and Keystone so please forgive me any crazy misunderstandings here. One of the problems with the existing LDAP Identity driver that I see is that for group management it needs write access to the LDAP server,

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Dave Walker
On 24 July 2015 at 15:26, Boris Bobrov wrote: > On Friday 24 July 2015 09:29:32 Dave Walker wrote: >> On 24 July 2015 at 05:00, Julian Edwards wrote: >> Tl;DR is that the *User* management can come from LDAP via the >> Identity driver, but the Project/Tenants and Roles on these come from >> the *

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Fox, Kevin M
any more details you can share? Thanks, Steve Martinelli OpenStack Keystone Core Julian Edwards wrote on 2015/07/24 12:00:33 AM: > From: Julian Edwards > To: openstack-dev@lists.openstack.org > Date: 2015/07/24 12:01 AM > Subject: [openstack-dev] [keystone] LDAP identity dr

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Boris Bobrov
On Friday 24 July 2015 09:29:32 Dave Walker wrote: > On 24 July 2015 at 05:00, Julian Edwards wrote: > Tl;DR is that the *User* management can come from LDAP via the > Identity driver, but the Project/Tenants and Roles on these come from > the *Assignment* driver via SQL - almost as an overlay. >

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Matt Fischer
On Fri, Jul 24, 2015 at 1:01 AM, Julian Edwards wrote: > On 24 July 2015 at 14:51, Matt Fischer wrote: > > Julian, > > > > You want this hybrid backend driver. Bind against LDAP for auth, store > > everything else in mysql: > > > > https://github.com/SUSE-Cloud/keystone-hybrid-backend > > > > We

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Matt Fischer
On Fri, Jul 24, 2015 at 1:10 AM, Henry Nash wrote: > Matt, > > Your hybrid driver seems to be doing something different than what Julian > was asking - namely providing some “automatic role assignments” for users > stored in LDAP (unless I am not understanding your patch)? I guess you > could ar

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Dave Walker
On 24 July 2015 at 05:00, Julian Edwards wrote: > Hello, > > I am relatively new to OpenStack and Keystone so please forgive me any > crazy misunderstandings here. > > One of the problems with the existing LDAP Identity driver that I see > is that for group management it needs write access to the

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Henry Nash
Matt, Your hybrid driver seems to be doing something different than what Julian was asking - namely providing some “automatic role assignments” for users stored in LDAP (unless I am not understanding your patch)? I guess you could argue that’s a restricted version of being able to create group

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Julian Edwards
On 24 July 2015 at 14:51, Matt Fischer wrote: > Julian, > > You want this hybrid backend driver. Bind against LDAP for auth, store > everything else in mysql: > > https://github.com/SUSE-Cloud/keystone-hybrid-backend > > We maintain our own fork which has a few small differences. I do not use the >

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-24 Thread Julian Edwards
On 24 July 2015 at 14:50, Steve Martinelli wrote: > The LDAP driver for identity shouldn't require write access to look up > groups. It'll only require write access if you want to allow Keystone to > create/delete/update new groups. > Not sure what you mean by "requires an LDAP admin to set up gro

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-23 Thread Steve Martinelli
more details you can share? Thanks, Steve Martinelli OpenStack Keystone Core Julian Edwards wrote on 2015/07/24 12:00:33 AM: > From: Julian Edwards > To: openstack-dev@lists.openstack.org > Date: 2015/07/24 12:01 AM > Subject: [openstack-dev] [keystone] LDAP identity driver with groups

Re: [openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-23 Thread Matt Fischer
Julian, You want this hybrid backend driver. Bind against LDAP for auth, store everything else in mysql: https://github.com/SUSE-Cloud/keystone-hybrid-backend We maintain our own fork which has a few small differences. I do not use the assignment portion of the driver and I'm not sure anyone does

[openstack-dev] [keystone] LDAP identity driver with groups from local DB

2015-07-23 Thread Julian Edwards
Hello, I am relatively new to OpenStack and Keystone so please forgive me any crazy misunderstandings here. One of the problems with the existing LDAP Identity driver that I see is that for group management it needs write access to the LDAP server, or requires an LDAP admin to set up groups separ