Re: [Openstack] [Keystone] Leverage an existing (non-KS) DB?

Tue, 22 Apr 2014 20:55:32 -0700 

On 04/21/2014 02:28 PM, Adam Lawson wrote:

Crap, hit send half-way through. Let's try this again...
Can Keystone work with a non-KS database for authentication and authorization via API? There is an existing SQL database of users/passwords/roles etc supporting an existing cloud and I'm being asked to research the options how to introduce Keystone with read-only access. Finding options on how this might happen has been challenging. 
The bad news: You will have to write your own backend.
The Good News: you don't need to implement a lot. All you need is the code to get users and groups.
Take a look at the existing SQL backend and chop out anything that actually writes to the DB. Code is here: 

http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py
Basically, they have a cloud with S3 object storage but want to move towards Swift + Keystone but continue using their existing database as the hub of all things related to credentials and authorizations. I figure Keystone can connect to a foreign SQL DB if the values were mapped correctly, but I don't know where this has been done prior. Thoughts? 

Mahalo,
Adam

*/
Adam Lawson/*
AQORN, Inc.
427 North Tatnall Street
Ste. 58461
Wilmington, Delaware 19801-2230
Toll-free: (844) 4-AQORN-NOW
Direct: +1 (302) 268-6914
On Mon, Apr 21, 2014 at 11:18 AM, Adam Lawson <alaw...@aqorn.com <mailto:alaw...@aqorn.com>> wrote: 

    Small q company has a custom database with user/pass's scraped
    from LDAP with some existing cloud concoction, Is there a straight
    forward way for Keystone to use that database for authorization
    and authentication with minimal development/re-tooling? Is there a
    good starting point to create an API to use that database?

    */
    Adam Lawson/*
    AQORN, Inc.
    427 North Tatnall Street
    Ste. 58461
    Wilmington, Delaware 19801-2230
    Toll-free: (844) 4-AQORN-NOW
    Direct: +1 (302) 268-6914 <tel:%2B1%20%28302%29%20268-6914>




_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack



_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to