My understanding of "multi-tenant" would imply that:
* Tenant X and Tenant Y could both have a user 'jsmith'.
* Clients for either Tenant X or Tenant Y can format HTTP submissions as user jsmith that will look identical but will actually reference different accounts.
* A client accessing the 'jsmith' account using a network resource identified as belonging to Tenant X will reference the Tenant X 'jsmith' account, and in fact cannot see any Tenant Y accounts.
* Therefore distinguishing between Tenant X and Tenant Y traffic has to be based on network addressing, not on packet contents.

With Nova, using a single LDAP server that has the administrative users for each Tenant may be acceptable. But clearly for authenticating Swift users the LDAP server referenced itself has to be tenant dependent. The Swift User is an *end-user* of Tenant X or Tenant Y; neither Tenant will want to enter them into a central user database.
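The lookup model described in the message above, as an added sketch that is not part of the original post and is not OpenStack code: the tenant is chosen from the address a request arrived on, and the user is then looked up only in that tenant's directory. The addresses, directory contents and the names `resolve_tenant` and `authenticate` are constructed for illustration; the dictionaries stand in for per-tenant LDAP servers.

```python
import hmac

# Constructed sample data. Each tenant has its own user directory (a stand-in
# for a tenant-specific LDAP server) reached through its own endpoint address.
DIRECTORIES = {
    "tenant-x": {"jsmith": {"account": "X/jsmith", "secret": "s3cret"}},
    "tenant-y": {"jsmith": {"account": "Y/jsmith", "secret": "s3cret"},
                 "alice": {"account": "Y/alice", "secret": "a-secret"}},
}
ENDPOINT_TENANT = {"10.10.0.5": "tenant-x", "10.20.0.5": "tenant-y"}


class AuthError(Exception):
    pass


def resolve_tenant(endpoint_addr):
    """Pick the tenant from the address the request arrived on, nothing else."""
    tenant = ENDPOINT_TENANT.get(endpoint_addr)
    if tenant is None:
        raise AuthError("endpoint is not assigned to any tenant")
    return tenant


def authenticate(endpoint_addr, request):
    """Return the account for request["user"] within the endpoint's tenant."""
    tenant = resolve_tenant(endpoint_addr)
    # Any tenant named inside the request is deliberately ignored, so a client
    # cannot steer the lookup into another tenant's directory.
    entry = DIRECTORIES[tenant].get(request.get("user", ""))
    supplied = request.get("secret", "").encode()
    # Unknown users are compared against a dummy value so that both failure
    # cases go through the same comparison and raise the same error.
    expected = (entry["secret"] if entry else "\0missing").encode()
    if not hmac.compare_digest(supplied, expected) or entry is None:
        raise AuthError("invalid credentials")
    return entry["account"]
```
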