Thanks guys; If the team says you cannot connect to our database directly - you must use our API, does this change the above suggestions or do these suggestions assume KS is talking to an API?
*Adam Lawson* AQORN, Inc. 427 North Tatnall Street Ste. 58461 Wilmington, Delaware 19801-2230 Toll-free: (844) 4-AQORN-NOW Direct: +1 (302) 268-6914 On Wed, Apr 23, 2014 at 11:58 AM, Matt Griffin <matt.grif...@percona.com>wrote: > Perhaps Percona Server's PAM plug-in might save you some time. > http://www.percona.com/doc/percona-server/5.6/management/pam_plugin.html > > Plus you'd probably get a performance gain over MySQL Community Edition. > > Best, > Matt Griffin > > > > > On Tue, Apr 22, 2014 at 10:42 PM, Adam Young <ayo...@redhat.com> wrote: > >> On 04/21/2014 02:28 PM, Adam Lawson wrote: >> >> Crap, hit send half-way through. Let's try this again... >> >> Can Keystone work with a non-KS database for authentication and >> authorization via API? There is an existing SQL database of >> users/passwords/roles etc supporting an existing cloud and I'm being asked >> to research the options how to introduce Keystone with read-only access. >> Finding options on how this might happen has been challenging. >> >> The bad news: You will have to write your own backend. >> The Good News: you don't need to implement a lot. All you need is the >> code to get users and groups. >> >> >> Take a look at the existing SQL backend and chop out anything that >> actually writes to the DB. Code is here: >> >> >> http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py >> >> >> Basically, they have a cloud with S3 object storage but want to move >> towards Swift + Keystone but continue using their existing database as the >> hub of all things related to credentials and authorizations. I figure >> Keystone can connect to a foreign SQL DB if the values were mapped >> correctly, but I don't know where this has been done prior. Thoughts? >> >> Mahalo, >> Adam >> >> >> * Adam Lawson* >> AQORN, Inc. >> 427 North Tatnall Street >> Ste. 58461 >> Wilmington, Delaware 19801-2230 >> Toll-free: (844) 4-AQORN-NOW >> Direct: +1 (302) 268-6914 >> >> >> >> On Mon, Apr 21, 2014 at 11:18 AM, Adam Lawson <alaw...@aqorn.com> wrote: >> >>> Small q company has a custom database with user/pass's scraped from LDAP >>> with some existing cloud concoction, Is there a straight forward way for >>> Keystone to use that database for authorization and authentication with >>> minimal development/re-tooling? Is there a good starting point to create an >>> API to use that database? >>> >>> >>> * Adam Lawson* >>> AQORN, Inc. >>> 427 North Tatnall Street >>> Ste. 58461 >>> Wilmington, Delaware 19801-2230 >>> Toll-free: (844) 4-AQORN-NOW >>> Direct: +1 (302) 268-6914 >>> >>> >> >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> >> >> >> _______________________________________________ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> >> > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
