Hi Adam,

Can the keystone use MS AD Server as back end now?

2012/9/25 Adam Young <ayo...@redhat.com>
> On 09/24/2012 10:45 PM, 邱剑 wrote:
>
> Thanks. Adam.
>
> Is there any way to configure FreeIPA LDAP to have this structure?
>
>
> Yes there is.
>
> I originally wrote it up here:
>
> http://adam.younglogic.com/2012/02/freeipa-keystone-ldap/
>
> and checked it recently to see if I could do LDAPS (yes I could):
>
> http://adam.younglogic.com/2012/09/ldaps-against-a-freeipa-server/
>
>
> Many thanks.
>
> On Sep 24, 2012, at 11:10 PM, Adam Young wrote:
>
> Role is grouped in the collection under the Tenant, with the userid in
> the members attribute for that role.
>
>
> On 09/24/2012 03:18 AM, 邱剑 wrote:
>
> Openstack services need user account with 'admin' role. But I could not
> figure out how FreeIPA propagates 'role' into Keystone.
>
> That's why I'm asking the question in mailing list.
>
>
> On Sep 24, 2012, at 11:30 AM, spring wrote:
>
> Thanks qiujian!
> By using this configuration, can we log in through dashboard? If I want to
> implement that, is there any other configuration I have to do?
>
> 2012/9/24 邱剑 <qiuj...@meituan.com>
>
>> BTW, here is my configuration:
>>
>> [ldap]
>> url = ldap://10.64.11.199
>> tree_dn = cn=accounts,dc=mydomain,dc=com
>> user_tree_dn = cn=users,cn=accounts,dc=mydomain,dc=com
>> user_objectclass = person
>> user_name_attribute = uid
>> user_id_attribute = uid
>> tenant_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
>> tenant_objectclass = posixgroup
>> tenant_id_attribute = cn
>> tenant_name_attribute = cn
>> tenant_member_attribute = member
>> role_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
>> role_objectclass = posixgroup
>> role_id_attribute = cn
>> role_name_attribute = cn
>> role_member_attribute = member
>> user = uid=sudo,cn=sysaccounts,cn=etc,dc=mydomain,dc=com
>> password = mysudopassword
>> suffix = cn=mydomain,cn=com
>>
>>
>> [identity]
>> driver = keystone.identity.backends.ldap.Identity
>>
>> It seems that keystone LDAP requires role nodes to be the children of tenant
>> nodes. But FreeIPA has a flat structure.
>>
>> --
>> 邱剑
>> Meituan Technology Department, System Operations Group - Systems Engineer
>> Mobile: 1381129925
>> Email: qiuj...@meituan.com
>>
>> On Sep 22, 2012, at 12:27 PM, 邱剑 wrote:
>>
>> Hi,
>>
>> I was working on using LDAP of FreeIPA as backend of Keystone.
>>
>> User and tenants information can be fetched from LDAP. However, I could
>> not figure out how to assign roles to users in specific tenants. I'm
>> wondering whether someone can help?
>>
>> I noticed that Mr. Adam Young had posted a blog about this topic:
>>
>> http://adam.younglogic.com/2012/09/ldaps-against-a-freeipa-server/
>>
>> However, it did not show how to import roles in LDAP. I'm wondering
>> whether there is any progress about this?
>>
>> Many thanks.
>>
>> keystone in use was the latest master branch on github on Sep 21, 2012.
>>
>>
>> Jian Qiu
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>
> --
> Huang Shuquan (黄舒泉)
> Software Institute of Nanjing University
> Nanjing, P.R.China
> Mobile: 86 137 7086 4433

--
Huang Shuquan (黄舒泉)
Software Institute of Nanjing University
Nanjing, P.R.China
Mobile: 86 137 7086 4433
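
Added example, not part of the original thread and not Keystone's code: a small in-memory model of the lookup the thread describes, where a role is an entry directly under the tenant entry that lists the user in its member attribute. The user alice, the tenant demo and both sample directories are constructed; it shows why a flat groups container, as in the quoted configuration, yields no roles for the user.

```python
# Added illustration: models the directory layout described in the thread.
# It is not Keystone code. All entries are constructed sample data;
# the user "alice" and the tenant "demo" are hypothetical.
# Assumption: DNs contain no escaped commas, so plain string splits suffice.

BASE = "cn=accounts,dc=mydomain,dc=com"
USER = "uid=alice,cn=users," + BASE
TENANT = "cn=demo,cn=groups," + BASE


def parent_dn(dn):
    """Drop the leftmost RDN: 'cn=a,cn=b' -> 'cn=b'."""
    return dn.split(",", 1)[1] if "," in dn else ""


def rdn_value(dn):
    """Value of the leftmost RDN: 'cn=admin,cn=demo' -> 'admin'."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def roles_for_user(directory, tenant_dn, user_dn, member_attr="member"):
    """Roles = entries directly under tenant_dn whose member list has user_dn."""
    tenant, user = tenant_dn.lower(), user_dn.lower()
    found = []
    for dn, attrs in directory.items():
        if parent_dn(dn).lower() != tenant:
            continue  # not a child of this tenant, so never seen as a role
        members = [m.lower() for m in attrs.get(member_attr, [])]
        if user in members:
            found.append(rdn_value(dn))
    return sorted(found)


# Layout described in the thread: the role entry is a child of the tenant entry.
NESTED = {
    TENANT: {"member": [USER]},
    "cn=admin," + TENANT: {"member": [USER]},
}

# Flat layout from the quoted config: roles and tenants share one container.
FLAT = {
    TENANT: {"member": [USER]},
    "cn=admin,cn=groups," + BASE: {"member": [USER]},
}

if __name__ == "__main__":
    print("nested:", roles_for_user(NESTED, TENANT, USER))
    print("flat:  ", roles_for_user(FLAT, TENANT, USER))
```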