OpenStack services need a user account with the 'admin' role. But I could not figure out how FreeIPA propagates 'role' into Keystone.
That's why I'm asking the question on the mailing list.

On Sep 24, 2012, at 11:30 AM, spring wrote:

> Thanks qiujian!
> By using this configuration, can we log in through dashboard? If I want to
> implement that, is there any other configuration I have to do?
>
> 2012/9/24 邱剑 <qiuj...@meituan.com>
> BTW, here is my configuration:
>
> [ldap]
> url = ldap://10.64.11.199
> tree_dn = cn=accounts,dc=mydomain,dc=com
> user_tree_dn = cn=users,cn=accounts,dc=mydomain,dc=com
> user_objectclass = person
> user_name_attribute = uid
> user_id_attribute = uid
> tenant_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
> tenant_objectclass = posixgroup
> tenant_id_attribute = cn
> tenant_name_attribute = cn
> tenant_member_attribute = member
> role_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
> role_objectclass = posixgroup
> role_id_attribute = cn
> role_name_attribute = cn
> role_member_attribute = member
> user = uid=sudo,cn=sysaccounts,cn=etc,dc=mydomain,dc=com
> password = mysudopassword
> suffix = cn=mydomain,cn=com
>
> [identity]
> driver = keystone.identity.backends.ldap.Identity
>
> It seems that keystone LDAP requires role nodes to be the children of tenant nodes.
> But FreeIPA has a flat structure.
>
> --
> 邱剑
> Meituan Technology Department, System Operations Team - Systems Engineer
> Mobile: 1381129925
> Email: qiuj...@meituan.com
>
> On Sep 22, 2012, at 12:27 PM, 邱剑 wrote:
>
>> Hi,
>>
>> I was working on using LDAP of FreeIPA as backend of Keystone.
>>
>> User and tenants information can be fetched from LDAP. However, I could not
>> figure out how to assign roles to users in specific tenants. I'm wondering
>> whether someone can help?
>>
>> I noticed that Mr. Adam Young had posted a blog about this topic:
>>
>> http://adam.younglogic.com/2012/09/ldaps-against-a-freeipa-server/
>>
>> However, it did not show how to import roles in LDAP. I'm wondering whether
>> there is any progress about this?
>>
>> Many thanks.
>>
>> keystone in use was the latest master branch on github on Sep 21, 2012.
>>
>> Jian Qiu
>
> --
> Huang Shuquan (黄舒泉)
> Software Institute of Nanjing University Nanjing, P.R.China
> Mobile: 86 137 7086 4433
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
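
An added example, not part of the original thread and not Keystone code: a small lint over the [ldap] section quoted above that reports a bind password used with an ldap:// URL, configured DNs that do not sit under the configured suffix, and tenant and role settings that select the same entries (the flat FreeIPA layout the thread describes). The function name and finding codes are hypothetical, and it assumes the *_tree_dn, *_objectclass and *_member_attribute keys act as search base, class filter and membership attribute, as their names suggest.

```python
import configparser

# [ldap] section from the thread, trimmed to the keys the checks read.
SAMPLE = """
[ldap]
url = ldap://10.64.11.199
tree_dn = cn=accounts,dc=mydomain,dc=com
user_tree_dn = cn=users,cn=accounts,dc=mydomain,dc=com
tenant_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
tenant_objectclass = posixgroup
tenant_member_attribute = member
role_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
role_objectclass = posixgroup
role_member_attribute = member
user = uid=sudo,cn=sysaccounts,cn=etc,dc=mydomain,dc=com
password = mysudopassword
suffix = cn=mydomain,cn=com
"""

DN_KEYS = ("tree_dn", "user_tree_dn", "tenant_tree_dn", "role_tree_dn", "user")
PAIRED = ("tree_dn", "objectclass", "member_attribute")

def norm_dn(dn):
    # Textual normalisation only; escaped commas inside RDN values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint_ldap_section(text):
    """Return finding codes for an INI text containing an [ldap] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    ldap = parser["ldap"]
    findings = []
    # 1. ldap:// plus a bind password: the simple bind is unencrypted unless StartTLS is used.
    if ldap.get("url", "").lower().startswith("ldap://") and ldap.get("password"):
        findings.append("cleartext-bind")
    # 2. Consistency check: each configured DN is expected to end with the suffix.
    suffix = norm_dn(ldap.get("suffix", ""))
    for key in DN_KEYS:
        dn = norm_dn(ldap.get(key, ""))
        if suffix and dn and dn != suffix and not dn.endswith("," + suffix):
            findings.append("outside-suffix:" + key)
    # 3. Same base, class and member attribute: tenant and role lookups hit the same entries.
    if all(ldap.get("tenant_" + k) and
           ldap.get("tenant_" + k, "").lower() == ldap.get("role_" + k, "").lower()
           for k in PAIRED):
        findings.append("role-tenant-overlap")
    return findings
```

A "role-tenant-overlap" finding means group membership alone cannot tell a tenant from a role under these settings, which is the gap the original question is about.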