Re: [openstack-dev] [TripleO] Haproxy configuration options

2014-05-22 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
wrote: On 18 May 2014 08:17, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: We are considering the following connection chain: - HAProxy - stunnel -OS services bound to 127.0.0.1 Virtual IP

Re: [openstack-dev] [TripleO] Haproxy configuration options

2014-05-22 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [TripleO] Haproxy configuration options On 18 May 2014 08:17, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.com wrote: We are considering the following connection chain: - HAProxy

Re: [openstack-dev] [TripleO] Haproxy configuration options

2014-05-17 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
We are considering the following connection chain: - HAProxy - stunnel -OS services bound to 127.0.0.1 Virtual IP server IP localhost 127.0.0.1 secure SSL terminate unsecure In this

Re: [openstack-dev] Security audit of OpenStack projects

2014-05-02 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hi Rob, We quickly discussed your ephemeral CA idea this morning and like it. We also realize that it will take a lot of work to make it happen. At this point in time we are attempting to simply add some form of SSL to a cloud installed with TripleO. We lost all of our previous installation

Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-04-29 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
In Keystone, users are assigned to a domain when they are created. This is a unique combination. -Original Message- From: Robert Collins [mailto:robe...@robertcollins.net] Sent: Monday, April 28, 2014 11:25 PM To: OpenStack Development Mailing List (not for usage questions) Subject:

Re: [openstack-dev] [TripleO] HAProxy and Keystone setup (in Overcloud)

2014-04-25 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I am somewhat hesitant to bring up the stunnel topic in this thread, but it needs to be considered in that an endpoint naming solution and a certificate creation/distribution solution needs to consider both the haproxy and stunnel requirements because there are many similarities. I am

Re: [openstack-dev] [TripleO] config options, defaults, oh my!

2014-04-10 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Thank you for the leads. I will look them up. Mark -Original Message- From: Lee, Alexis Sent: Thursday, April 10, 2014 3:58 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [TripleO] config options, defaults, oh my! Miller, Mark M (EB SW

Re: [openstack-dev] [TripleO] config options, defaults, oh my!

2014-04-09 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Does anyone have a flowchart of the cloud build/configure process including interactions between the various components/stages of TripleO and Heat? -Original Message- From: Robert Collins [mailto:robe...@robertcollins.net] Sent: Wednesday, April 09, 2014 2:29 PM To: OpenStack

Re: [openstack-dev] [Ironic][Keystone] Move drivers credentials to Keystone

2014-03-25 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Why not use Barbican? It stores credentials after encrypting them. -Original Message- From: Jay Pipes [mailto:jaypi...@gmail.com] Sent: Tuesday, March 25, 2014 9:50 AM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Ironic][Keystone] Move drivers credentials to

Re: [openstack-dev] [all][keystone] Increase of USER_ID length maximum from 64 to 255

2014-02-27 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
I agree about not needing extra identity information outside of the user's UUID, but what about the role/project/domain information stored in the PKI token? Does it remain or go away? From: Morgan Fainberg [mailto:m...@metacloud.com] Sent: Thursday, February 27, 2014 12:11 PM To: OpenStack

Re: [openstack-dev] [Nova] nova-cert information

2014-01-24 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
is this: http://docs.openstack.org/developer/nova/api/nova.cert.manager.html Doc bug reopened at https://bugs.launchpad.net/openstack-manuals/+bug/1160757 Hopefully someone on the list can identify more information sources so we can document. Anne On Thu, Jan 23, 2014 at 7:00 PM, Miller, Mark M (EB SW

[openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes

2014-01-16 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I have come across a bug or limitation when using an Apache2 SSL-WSGI front end for Keystone. If the returned token for a Keystone authenticate request is greater than 8190 bytes, the mod_wsgi code throws an error similar to the following: [Thu Jan 16 22:27:47 2014] [info] Initial

Re: [openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes

2014-01-16 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.com wrote: Hello, I have come across a bug or limitation when using an Apache2 SSL-WSGI front end for Keystone. If the returned token for a Keystone authenticate request is greater than 8190 bytes, the mod_wsgi code throws

Re: [openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes

2014-01-16 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
It turns out that there is a bug filed against the problem we are facing: https://bugs.launchpad.net/keystone/+bug/1255321 -Original Message- From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Thursday, January 16, 2014 11:09 PM To: OpenStack Development Mailing List

[openstack-dev] Glance mod_wsgi.input Question

2013-12-17 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I am trying to get the Grizzly Glance service working with Apache2 through the WSGI interface. I am having problems with the _upload method of file glance/api/v1/images.py It appears that the req.body_file pointer is invalid as I get the following error: (9, 'Bad file descriptor'). I

[openstack-dev] Glance WSGI File Read Bug (Grizzly)

2013-12-17 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
) exceptions = {errno.EFBIG: exception.StorageFull(), errno.ENOSPC: exception.StorageFull(), errno.EACCES: exception.StorageWriteDenied()} raise exceptions.get(e.errno, e) From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent

Re: [openstack-dev] Nova SSL Apache2 Question

2013-11-25 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
: [openstack-dev] Nova SSL Apache2 Question On 13 November 2013 23:39, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: I finally found a set of web pages that has a working set of configuration files for the major OpenStack services http

Re: [openstack-dev] Nova SSL Apache2 Question

2013-11-14 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
(not for usage questions) Subject: Re: [openstack-dev] Nova SSL Apache2 Question On 13 November 2013 23:39, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: I finally found a set of web pages that has a working set of configuration files

Re: [openstack-dev] Nova SSL Apache2 Question

2013-11-14 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
I believe I found it under nova-network. Thanks, Mark From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Thursday, November 14, 2013 9:31 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] Nova SSL Apache2 Question Hello Jesse, Thank you

Re: [openstack-dev] Nova SSL Apache2 Question

2013-11-13 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
/2013 07:20 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) wrote: Hello, I am trying to front all of the Grizzly OpenStack services with Apache2 in order to enable SSL. I've got Horizon and Keystone working but am struggling with Nova. The only documentation I have been able to find

[openstack-dev] Nova SSL Apache2 Question

2013-11-06 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I am trying to front all of the Grizzly OpenStack services with Apache2 in order to enable SSL. I've got Horizon and Keystone working but am struggling with Nova. The only documentation I have been able to find is at URL http://www.rackspace.com/blog/enabling-ssl-for-the-openstack-api/

Re: [openstack-dev] Nova SSL Apache2 Question

2013-11-06 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
/yum/content/installing-openstack-dashboard.html Anne Gentle Content Stacker a...@openstack.org On Nov 7, 2013, at 8:20 AM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.com wrote: Hello, I am trying to front all of the Grizzly OpenStack services with Apache2

[openstack-dev] Horizon OPENSTACK_SSL_NO_VERIFY Question

2013-11-04 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello community, I am trying to go through my OpenStack installation and turn on SSL. For the Horizon server I have found environment variable OPENSTACK_SSL_NO_VERIFY to use with unsigned certificates (set it to True for self-signed certificates). This works great when I turn Keystone SSL on

Re: [openstack-dev] Possible Keystone OS-TRUST bug

2013-10-28 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
can track this? https://bugs.launchpad.net/keystone Thanks! On Fri, Oct 25, 2013 at 5:47 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: Hello, We are getting an HTTP 500 error when we try to list all trusts. We can list individual

[openstack-dev] Keystone TLS Question

2013-10-25 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, Is there any direct TLS support by Keystone other than using the Apache2 front end? Mark ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Keystone TLS Question

2013-10-25 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
, Client hello (1): root@build-HP-Compaq-6005-Pro-SFF-PC:/etc/keystone# From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Friday, October 25, 2013 8:58 AM To: OpenStack Development Mailing List Subject: [openstack-dev] Keystone TLS Question Hello, Is there any direct TLS support

[openstack-dev] Possible Keystone OS-TRUST bug

2013-10-25 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, We are getting an HTTP 500 error when we try to list all trusts. We can list individual trusts, but not the generic list. GET REST Request: curl -v -X GET http://10.1.8.20:35357/v3/OS-TRUST/trusts -H X-Auth-Token: ed241ae1e986319086f3 REST Response: { error: {

[openstack-dev] Keystone RC1 Bug Question 1209440

2013-10-15 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I have a generic question about the logic now available for LDAP users in association with bug 1209440. How do you associate a read-only LDAP user with a domain? LDAP users are not entered into the keystone user table so the only way I can see to associate a user with a domain is to

Re: [openstack-dev] Keystone OS-EP-FILTER descrepancy

2013-10-09 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
] Keystone OS-EP-FILTER descrepancy We have imporved the extension enumeration in Keystone. If you got to http://hostname:35357/v3 you should see a listing of the extensions that are enabled for that Keystone server On 10/08/2013 07:07 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) wrote

Re: [openstack-dev] Keystone Apache2 Installation Question

2013-10-09 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
to do will never work? Do I have to set some flag to get python-keystoneclient/Dashboard to pass the username/password as basicauth instead of in a json form? Thanks, Kevin From: Miller, Mark M (EB SW Cloud - RD - Corvallis) [mark.m.mil...@hp.com

[openstack-dev] Keystone OS-EP-FILTER descrepancy

2013-10-08 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I am attempting to test the Havana v3 OS-EP-FILTER extension with the latest RC1 bits and I get a 404 error response. The documentation actually shows 2 different URIs for this API: - GET /OS-EP-FILTER/projects/{project_id}/endpoints and

Re: [openstack-dev] Keystone OS-EP-FILTER descrepancy

2013-10-08 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
in the service catalog. The endpoint filter will return only the ones that you have associated with a particular project. Please bear in mind that this works only with scoped token (meaning where you pass a project id). -Original Message- From: Miller, Mark M (EB SW Cloud - RD

Re: [openstack-dev] Keystone OS-EP-FILTER descrepancy

2013-10-08 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
. -Original Message- From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Tuesday, October 08, 2013 1:30 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] Keystone OS-EP-FILTER descrepancy Here is the response from Fabio: Mark, Please have a look

Re: [openstack-dev] Keystone OS-EP-FILTER descrepancy

2013-10-08 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
/keystone-manage db_sync --extension endpoint_filter 5. Once you have done the changes restart the keystone-server to apply the changes. -Original Message- From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Tuesday, October 08, 2013 1:51 PM To: OpenStack Development Mailing List

[openstack-dev] keystone Identity API v3 OS-OAUTH1 Extension

2013-09-23 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I would like to try/test the latest Keystone OS-OAUTH1 Extension, but I have not figured out how to access it with the latest H-3 code release. The documentation states that this extension requires v3.0+ of the Identity API. Questions: 1. What version of the Identity API is included in

Re: [openstack-dev] keystone Identity API v3 OS-OAUTH1 Extension

2013-09-23 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
| A4-317 @ IBM Toronto Software Lab Software Developer - OpenStack Phone: (905) 413-2851 E-Mail: steve...@ca.ibm.commailto:steve...@ca.ibm.com [Inactive hide details for Miller, Mark M (EB SW Cloud - RD - Corvallis) ---09/23/2013 04:12:15 PM---Hello, I would like to t]Miller, Mark M (EB SW Cloud

[openstack-dev] OpenStack Identity API Documentation Kudos

2013-09-17 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello to all you documenters, I have spent the day reviewing the latest OpenStack Identity API documents and want to say that you have done a truly TERRIFIC job. The latest revisions are clear and complete. Thank you, Mark Miller ___ OpenStack-dev

Re: [openstack-dev] WebUI and user roles

2013-09-16 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
FYI: We were thinking about using the new Keystone policy API, but fell back to using files on the file system due to not having a way to retrieve the policies from Keystone other than with an ID string. After saving the policy file you need to save the policy ID somewhere so you might as well

Re: [openstack-dev] WebUI and user roles

2013-09-16 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
and user roles On Mon, Sep 16, 2013 at 11:35 AM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: FYI: We were thinking about using the new Keystone policy API, but fell back to using files on the file system due to not having a way to retrieve

Re: [openstack-dev] OpenLdap for Keystone

2013-09-06 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
To: OpenStack Development Mailing List Subject: Re: [openstack-dev] OpenLdap for Keystone I would lov On Thu, Sep 5, 2013 at 2:57 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: Thanks Dean. I was able to combine sections of each script

Re: [openstack-dev] OpenLdap for Keystone

2013-09-05 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
...@us.ibm.commailto:bto...@us.ibm.com Assistant: Cindy Willman (919) 268-5296 From:Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com To:OpenStack Development Mailing List openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org

Re: [openstack-dev] OpenLdap for Keystone

2013-09-05 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
On Thu, Sep 5, 2013 at 11:18 AM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: Thanks Brad for the pointer. Is there any way to just install the OpenLdap piece and not the entire OpenStack? You can install a Keystone-only DevStack, but I suspect

[openstack-dev] Recent Keystone OpenLDAP install documentation

2013-09-03 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I am looking for recent OpenLDAP installation and configuration documentation to use with Keystone Havana H2. Please let me know if you have a pointer to some. Regards, Mark Miller ___ OpenStack-dev mailing list

Re: [openstack-dev] [keystone] Two BPs for managing the tokens

2013-08-23 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I would think you would want to reuse the same token but update the expiration time as if it were the first time the token had been generated. Mark From: Yongsheng Gong [mailto:gong...@unitedstack.com] Sent: Friday, August 23, 2013 12:40 AM To: OpenStack Development Mailing List

[openstack-dev] General Question about CentOS

2013-08-16 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Is OpenStack supported on CentOS running Python 2.6? Thanks, Mark ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [keystone] Pagination

2013-08-13 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
I have been following this exchange of ideas on how to solve/implement pagination. I would ask you to keep in mind that a solution needs to take into account a split LDAP/SQL backend (you are not always dealing with a single Keystone SQL database). Having a split backend means that the query

[openstack-dev] Keystone Apache2 Installation Question

2013-08-12 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I am looking for documentation on how to install/configure Apache2 as the Keystone front end for Ubuntu 12.04. I have found various documentation snippets for a variety of applications and operating systems, but nothing for Ubuntu. Any pointers would greatly be appreciated. I have been

Re: [openstack-dev] Keystone Apache2 Installation Question

2013-08-12 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
] Keystone Apache2 Installation Question What problem(s) are you running into when following the above documentation / examples? On Mon, Aug 12, 2013 at 3:32 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: Hello, I am looking

Re: [openstack-dev] Keystone Apache2 Installation Question

2013-08-12 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
: https://github.com/openstack/keystone/blob/master/doc/source/apache-httpd.rst Thanks, Mark From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Monday, August 12, 2013 1:45 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] Keystone Apache2 Installation Question

Re: [openstack-dev] Keystone Apache2 Installation Question

2013-08-12 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Monday, August 12, 2013 3:10 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] Keystone Apache2 Installation Question Looks like I may be ahead of the game. It doesn't look like this blueprint has been started yet. Am I correct

Re: [openstack-dev] [keystone] Pagination

2013-08-12 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
The main reason I use user lists (i.e. keystone user-list) is to get the list of usernames/IDs for other keystone commands. I do not see the value of showing all of the users in an LDAP server when they are not part of the keystone database (i.e. do not have roles assigned to them). Performing

Re: [openstack-dev] Keystone Split Backend LDAP Hang Problem

2013-08-08 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] Keystone Split Backend LDAP Hang Problem On 08/07/2013 08:05 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) wrote: I have been thinking about the keystone user lookup GET API for a split LDAP/SQL backend when you are using a read

Re: [openstack-dev] Keystone Split Backend LDAP Configuration Question

2013-08-07 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I am trying to figure out what to use for the user_enabled_* attributes for the HP Enterprise Directory servers. It looks like the enabled attribute values in the keystone.conf file are expected to have numerical values. From(URL

Re: [openstack-dev] Keystone Split Backend LDAP Hang Problem

2013-08-07 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, I ran into an issue/problem with keystone and it is ok to simply tell me to don't do that, but I am wondering how others approach this problem. I have the keystone H-2 split backend code connected the HP Enterprise Directory which is humongous in size. From that directory I have only

Re: [openstack-dev] Keystone Split Backend LDAP Hang Problem

2013-08-07 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
://blueprints.launchpad.net/keystone/+spec/pagination-backend-support On Wed, Aug 7, 2013 at 3:56 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.commailto:mark.m.mil...@hp.com wrote: Hello, I ran into an issue/problem with keystone and it is ok to simply tell me to don't do

Re: [openstack-dev] Keystone Split Backend LDAP Question

2013-08-05 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
of the “get_user_by_name()” method. Does anyone know why or how to fix this or if what I am trying to do even works? Regards, Mark Miller From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Friday, August 02, 2013 4:00 PM To: OpenStack Development Mailing List; Adam Young (ayo...@redhat.com); Dolph

Re: [openstack-dev] Keystone Split Backend LDAP Question

2013-08-05 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
PM To: Miller, Mark M (EB SW Cloud - RD - Corvallis) Cc: OpenStack Development Mailing List; Dolph Mathews (dolph.math...@gmail.com); Yee, Guang Subject: Re: Keystone Split Backend LDAP Question On 08/02/2013 06:59 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) wrote: Hello, With some minor

Re: [openstack-dev] Keystone Split Backend LDAP Question

2013-08-02 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, With some minor tweaking of the keystone common/ldap/core.py file, I have been able to authenticate and get an unscoped token for a user from an LDAP Enterprise Directory. I want to continue testing but I have some questions that need to be answered before I can continue. 1. Do

[openstack-dev] Keystone Split Backend Debugging

2013-07-29 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Hello, Summary: I am attempting to configure the Keystone H-2 release to use an Enterprise Directory as the Identity backend and SQL as the Assignment backend (without TLS for now). I first installed Keystone H-2 on an Ubuntu vm server and got it up and running using a local SQL database for

Re: [openstack-dev] A vision for Keystone

2013-07-26 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Adam, Which Havana Blueprint provides support for the feature you mention in your article below? To move beyond bearer tokens requires multiple steps. In order to link the token to a user, the user needs to use a secure authentication mechanism, and then link the token to that mechanism. A

Re: [openstack-dev] A vision for Keystone

2013-07-26 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
Thank you. From: Adam Young [mailto:ayo...@redhat.com] Sent: Friday, July 26, 2013 9:54 AM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] A vision for Keystone On 07/26/2013 12:26 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) wrote: Adam, Which Havana Blueprint provides