Our Active Directory is indeed read only.
What I am trying to do is use existing AD security groups which are used to define the different groups in our organisation to assign users to projects. The projects would created against the sql domain. I know that I could do this on a user by user basis but that would increase the administrative overhead. When you say that assignments are deprecated, I assume that you mean assignments and projects both being against the LDAP domain? Thanks Alexander From: Adam Young [mailto:ayo...@redhat.com] Sent: 01 March 2016 19:51 To: openstack@lists.openstack.org Subject: Re: [Openstack] Keystone With Active Directory On 02/29/2016 10:07 AM, alexander.di...@stfc.ac.uk <mailto:alexander.di...@stfc.ac.uk> wrote: Hi all, I am in the process of setting up a Liberty deployment, with multi-domain keystone connected to Active Directory. I am just wondering if anybody is using Security Groups in Active Directory to map roles to projects? If so how are you doing this? Regards Alexander Dibbo _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org <mailto:openstack@lists.openstack.org> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Keystone support for Assignment from LDAP is deprecated. AD tends to be read only from an Openstack deployment. Do you have writable AD available?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
