Determining subtrees for Keystone LDAP integration

Asked by Fatih Güçlü Akkaya

Hi,

I am trying to use our existing user database for keystone. Since the schemas are not the same, I tried to leverage LDAP by matching a predefined keystone schema with the existing database schema using back-sql. So far I am successful at integrating keystone with an OpenLDAP server (ver 2.4.23) using a MySQL database as backend. However, while investigating the code for keystone LDAP integration I realized that on the LDAP side two subtrees, ou=Groups,dc=example,dc=com and ou=User,dc=example,dc=com, must be defined. However, I want keystone to look for subtrees under the domain that I defined myself. I know that this is a configuration issue in the keystone.conf for the LDAP backend part. Can you show me a sample configuration which uses values for LDAP DNs defined by the user?

Thanks

Question information

Language: English
Status: Answered
For: OpenStack Identity (keystone)
Assignee: No assignee

Joseph Heck (heckj) said :
#1

Fatih,

Adam Young is re-implementing the LDAP support for the new baseline of keystone that just landed, and is documenting some of this thought work at http://adam.younglogic.com/2012/02/openstack-keystone-ldap-redux/ for the implementation he's planning on landing in the very near future. I'd suggest taking a look at it to see if that re-implementation answers your question.

-joe
