Try /etc/kolla/config/keystone/domains/keystone.$DOMAIN.conf

Thanks

On 2 February 2017 at 00:20, Christian Tardif <christian.tar...@servinfo.ca> wrote:

> Will sure give it a try! And from a kolla perspective, it means that this
> file should go in /etc/kolla/config/domains/keystone.$DOMAIN.conf in
> order to be pushed to the relevant containers?
> ------------------------------
>
> *Christian Tardif*
> christian.tar...@servinfo.ca
>
> Please consider the environment before printing this message.
>
> ------ Original message ------
> From: "Dave Walker" <em...@daviey.com>
> To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org>
> Sent: 2017-02-01 11:39:15
> Subject: Re: [openstack-dev] [kolla] Domains support
>
> Hi Christian,
>
> I added the domain support, but I didn't document it as well as I should
> have. Apologies!
>
> This is the config I am using to talk to a Windows AD server. Hope this
> helps.
>
> Create a domain-specific file:
> etc/keystone/domains/keystone.$DOMAIN.conf:
>
> [ldap]
> use_pool = true
> pool_size = 10
> pool_retry_max = 3
> pool_retry_delay = 0.1
> pool_connection_timeout = -1
> pool_connection_lifetime = 600
> use_auth_pool = false
> auth_pool_size = 100
> auth_pool_connection_lifetime = 60
> url = ldap://server1:389,ldap://server2:389
> user = CN=Linux SSSD Kerberos Service Account,CN=Users,DC=example,DC=com
> password = password
> suffix = dc=example,dc=com
> user_tree_dn = OU=Personnel,OU=Users,OU=example,DC=example,DC=com
> user_objectclass = person
> user_filter = (memberOf=CN=mail,OU=GPO Security,OU=Groups,OU=COMPANY,DC=example,DC=com)
> user_id_attribute = sAMAccountName
> user_name_attribute = sAMAccountName
> user_description_attribute = displayName
> user_mail_attribute = mail
> user_pass_attribute =
> user_enabled_attribute = userAccountControl
> user_enabled_mask = 2
> user_enabled_default = 512
> user_attribute_ignore = password,tenant_id,tenants
> group_tree_dn = OU=GPO Security,OU=Groups,OU=COMPANY,DC=example,DC=com
> group_name_attribute = name
> group_id_attribute = cn
> group_objectclass = group
> group_member_attribute = member
>
> [identity]
> driver = keystone.identity.backends.ldap.Identity
>
> [assignment]
> driver = keystone.assignment.backends.sql.Assignment
>
> --
> Kind Regards,
> Dave Walker
>
> On 1 February 2017 at 05:03, Christian Tardif <christian.tar...@servinfo.ca> wrote:
>
>> Hi,
>>
>> I'm looking for domains support in Kolla. I've searched, but didn't find
>> anything relevant. Could someone point me how to achieve this?
>>
>> What I'm really looking for, in fact, is a decent way of setting auth
>> through LDAP backend while keeping service users (neutron, for example) in
>> the SQL backend. I know that this can be achieved with domains support
>> (leaving default domain on SQL, and another domain for LDAP users). Or maybe
>> there's another way of doing this?
>>
>> Thanks,
>> ------------------------------
>>
>> *Christian Tardif*
>> christian.tar...@servinfo.ca
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
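
An added example, not part of the original thread and not Kolla or Keystone code: a small audit of the `[ldap]` section quoted above that reports how the bind credentials travel and where they are stored. It assumes Keystone's `use_tls` and `tls_req_cert` options and the `ldaps://` URL scheme; the sample text is a constructed, trimmed copy of the thread's config, and `audit_domain_conf` is a hypothetical helper name.

```python
import configparser

# Constructed sample: a trimmed copy of the [ldap] settings quoted in the thread.
SAMPLE = """\
[ldap]
url = ldap://server1:389,ldap://server2:389
user = CN=Linux SSSD Kerberos Service Account,CN=Users,DC=example,DC=com
password = password
suffix = dc=example,dc=com
user_pass_attribute =

[identity]
driver = keystone.identity.backends.ldap.Identity
"""

TRUE = {"1", "true", "yes", "on"}


def audit_domain_conf(text):
    """Return a list of (option, finding) tuples for the [ldap] section."""
    # Only '=' is a delimiter so DNs and URLs containing ':' parse cleanly.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("ldap"):
        return [("ldap", "no [ldap] section found")]
    ldap = cp["ldap"]
    findings = []
    urls = [u.strip() for u in ldap.get("url", "").split(",") if u.strip()]
    use_tls = ldap.get("use_tls", "false").strip().lower() in TRUE
    for u in urls:
        scheme = u.split("://", 1)[0].lower()
        if scheme == "ldap" and not use_tls:
            findings.append(("url", f"{u}: binds in cleartext (no use_tls, not ldaps://)"))
        if scheme == "ldaps" and use_tls:
            findings.append(("url", f"{u}: use_tls cannot be combined with ldaps://"))
    encrypted = use_tls or any(u.lower().startswith("ldaps://") for u in urls)
    # Keystone's default for tls_req_cert is 'demand'; anything weaker skips verification.
    if encrypted and ldap.get("tls_req_cert", "demand").strip().lower() != "demand":
        findings.append(("tls_req_cert", "server certificate is not strictly verified"))
    if ldap.get("password", "").strip():
        findings.append(("password", "bind password stored in the file; restrict its permissions"))
    return findings


if __name__ == "__main__":
    for option, finding in audit_domain_conf(SAMPLE):
        print(f"{option}: {finding}")
```
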