BTW, here is my configuration:

[ldap]
url = ldap://10.64.11.199
tree_dn = cn=accounts,dc=mydomain,dc=com
user_tree_dn = cn=users,cn=accounts,dc=mydomain,dc=com
user_objectclass = person
user_name_attribute = uid
user_id_attribute = uid
tenant_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
tenant_objectclass = posixgroup
tenant_id_attribute = cn
tenant_name_attribute = cn
tenant_member_attribute = member
role_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
role_objectclass = posixgroup
role_id_attribute = cn
role_name_attribute = cn
role_member_attribute = member
user = uid=sudo,cn=sysaccounts,cn=etc,dc=mydomain,dc=com
password = mysudopassword
suffix = cn=mydomain,cn=com
[identity]
driver = keystone.identity.backends.ldap.Identity

It seems that keystone LDAP requires role nodes to be the children of tenant nodes. But FreeIPA has a flat structure.

--
邱剑
Meituan Technology Department, System Operations Group - Systems Engineer
Mobile: 1381129925
Email: qiuj...@meituan.com

On Sep 22, 2012, at 12:27 PM, 邱剑 wrote:

> Hi,
>
> I was working on using LDAP of FreeIPA as backend of Keystone.
>
> User and tenant information can be fetched from LDAP. However, I could not
> figure out how to assign roles to users in specific tenants. I'm wondering
> whether someone can help?
>
> I noticed that Mr. Adam Young had posted a blog about this topic:
>
> http://adam.younglogic.com/2012/09/ldaps-against-a-freeipa-server/
>
> However, it did not show how to import roles in LDAP. I'm wondering whether
> there is any progress about this?
>
> Many thanks.
>
> keystone in use was the latest master branch on github on Sep 21, 2012.
>
>
> Jian Qiu
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
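
An added example, not part of the original message and not Keystone code: a small lint over the posted [ldap] section that flags a bind password configured against an ldap:// URL, DNs that do not fall under the configured suffix, and a role tree identical to the tenant tree (the flat layout the message describes). The finding labels, the helper names and the naive DN comparison are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: the DN-related keys of the [ldap] section posted above.
SAMPLE = """
[ldap]
url = ldap://10.64.11.199
tree_dn = cn=accounts,dc=mydomain,dc=com
user_tree_dn = cn=users,cn=accounts,dc=mydomain,dc=com
tenant_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
role_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
user = uid=sudo,cn=sysaccounts,cn=etc,dc=mydomain,dc=com
password = mysudopassword
suffix = cn=mydomain,cn=com
"""

DN_KEYS = ("tree_dn", "user_tree_dn", "tenant_tree_dn", "role_tree_dn", "user")

def rdns(dn):
    # Naive DN split (assumption): lowercases, ignores escaped commas.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def under(dn, base):
    d, b = rdns(dn), rdns(base)
    return len(b) > 0 and d[-len(b):] == b

def lint_ldap(text):
    # Returns a list of hypothetical finding labels for one [ldap] section.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    ldap = cp["ldap"]
    findings = []
    # A bind password with a plain ldap:// URL: no TLS implied by the scheme.
    if urlparse(ldap.get("url", "")).scheme == "ldap" and ldap.get("password"):
        findings.append("cleartext-bind")
    # Every tree and the bind DN should sit below the configured suffix.
    suffix = ldap.get("suffix", "")
    for key in DN_KEYS:
        if suffix and key in ldap and not under(ldap[key], suffix):
            findings.append("outside-suffix:" + key)
    # Flat layout: roles and tenants resolved from the same subtree.
    role, tenant = ldap.get("role_tree_dn"), ldap.get("tenant_tree_dn")
    if role and tenant and rdns(role) == rdns(tenant):
        findings.append("roles-share-tenant-tree")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_ldap(SAMPLE)))
```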