Hello,

With some minor tweaking of the keystone common/ldap/core.py file, I have been able to authenticate and get an unscoped token for a user from an LDAP Enterprise Directory. I want to continue testing but I have some questions that need to be answered before I can continue.

1. Do I need to add the user from the LDAP server to the Keystone SQL database or will the H-2 code search the LDAP server?

2. When I performed a "keystone user-list" the following log file entries were written indicating that keystone was attempting to get all the users on the massive Enterprise Directory. How do we limit this query to just the one user or group of users we are interested in?

   2013-07-23 14:04:31 DEBUG [keystone.common.ldap.core] LDAP bind: dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com
   2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core] In get_connection 6 user: cn=CloudOSKeystoneDev, ou=Applications, o=hp.com
   2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core] MY query in _ldap_get_all: (&)
   2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&), attrs=['businessCategory', 'userPassword', 'hpStatus', 'mail', 'uid']

3. Next I want to acquire a scoped token. How do I assign the LDAP user to a local project?

Regards,

Mark Miller

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev