On 25 July 2015 at 04:02, Adam Young ayo...@redhat.com wrote:
This has come up numerous times, as I am sure you are now aware by reading
the rest of the thread.
Yes indeed :) I was thinking as I wrote it that I can't be the first
person with this question.
However I think Daviey has shown me
Matt,
Your hybrid driver seems to be doing something different than what Julian was
asking - namely providing some “automatic role assignments” for users stored in
LDAP (unless I am not understanding your patch)? I guess you could argue
that’s a restricted version of being able to create
On 24 July 2015 at 14:50, Steve Martinelli steve...@ca.ibm.com wrote:
The LDAP driver for identity shouldn't require write access to look up
groups. It'll only require write access if you want to allow Keystone to
create/delete/update new groups.
Not sure what you mean by requires an LDAP
On 24 July 2015 at 14:51, Matt Fischer m...@mattfischer.com wrote:
Julian,
You want this hybrid backend driver. Bind against LDAP for auth, store
everything else in mysql:
https://github.com/SUSE-Cloud/keystone-hybrid-backend
We maintain our own fork with has a few small differences. I do
On 24 July 2015 at 05:00, Julian Edwards bigjo...@gmail.com wrote:
Hello,
I am relatively new to Openstack and Keystone so please forgive me any
crazy misunderstandings here.
One of the problems with the existing LDAP Identity driver that I see
is that for group management it needs write
On Friday 24 July 2015 09:29:32 Dave Walker wrote:
On 24 July 2015 at 05:00, Julian Edwards bigjo...@gmail.com wrote:
Tl;DR is that the *User* management can come from LDAP via the
Identity driver, but the Project/Tenants and Roles on these come from
the *Assignment* driver via SQL - almost as
On 24 July 2015 at 15:26, Boris Bobrov bbob...@mirantis.com wrote:
On Friday 24 July 2015 09:29:32 Dave Walker wrote:
On 24 July 2015 at 05:00, Julian Edwards bigjo...@gmail.com wrote:
Tl;DR is that the *User* management can come from LDAP via the
Identity driver, but the Project/Tenants and
to support a
domain column for groups?
Thanks,
Kevin
From: Steve Martinelli
Sent: Thursday, July 23, 2015 9:50:25 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [keystone] LDAP identity driver with groups from
On Fri, Jul 24, 2015 at 12:02 PM, Adam Young ayo...@redhat.com wrote:
On 07/24/2015 12:00 AM, Julian Edwards wrote:
Hello,
I am relatively new to Openstack and Keystone so please forgive me any
crazy misunderstandings here.
One of the problems with the existing LDAP Identity driver that I
On 07/24/2015 12:00 AM, Julian Edwards wrote:
Hello,
I am relatively new to Openstack and Keystone so please forgive me any
crazy misunderstandings here.
One of the problems with the existing LDAP Identity driver that I see
is that for group management it needs write access to the LDAP server,
On Fri, Jul 24, 2015 at 1:10 AM, Henry Nash hen...@linux.vnet.ibm.com
wrote:
Matt,
Your hybrid driver seems to be doing something different than what Julian
was asking - namely providing some “automatic role assignments” for users
stored in LDAP (unless I am not understanding your patch)? I
On Fri, Jul 24, 2015 at 1:01 AM, Julian Edwards bigjo...@gmail.com wrote:
On 24 July 2015 at 14:51, Matt Fischer m...@mattfischer.com wrote:
Julian,
You want this hybrid backend driver. Bind against LDAP for auth, store
everything else in mysql:
?
Thanks,
Steve Martinelli
OpenStack Keystone Core
Julian Edwards bigjo...@gmail.com wrote on 2015/07/24 12:00:33 AM:
From: Julian Edwards bigjo...@gmail.com
To: openstack-dev@lists.openstack.org
Date: 2015/07/24 12:01 AM
Subject: [openstack-dev] [keystone] LDAP identity driver with groups
Julian,
You want this hybrid backend driver. Bind against LDAP for auth, store
everything else in mysql:
https://github.com/SUSE-Cloud/keystone-hybrid-backend
We maintain our own fork with has a few small differences. I do not use the
assignment portion of the driver and I'm not sure anyone
Hello,
I am relatively new to Openstack and Keystone so please forgive me any
crazy misunderstandings here.
One of the problems with the existing LDAP Identity driver that I see
is that for group management it needs write access to the LDAP server,
or requires an LDAP admin to set up groups
15 matches
Mail list logo