Thanks, Adam. Is there any way to configure FreeIPA LDAP to have this structure?
Many thanks.

On Sep 24, 2012, at 11:10 PM, Adam Young wrote:

> Role is grouped in the collection under the Tenant, with the userid in the
> members attribute for that role.
>
> On 09/24/2012 03:18 AM, 邱剑 wrote:
>>
>> Openstack services need user account with 'admin' role. But I could not
>> figure out how FreeIPA propagates 'role' into Keystone.
>>
>> That's why I'm asking the question in mailing list.
>>
>> On Sep 24, 2012, at 11:30 AM, spring wrote:
>>
>>> Thanks qiujian!
>>> By using this configuration, can we log in through dashboard? If I want to
>>> implement that, is there any other configuration I have to do?
>>>
>>> 2012/9/24 邱剑 <[email protected]>
>>> BTW, here is my configuration:
>>>
>>> [ldap]
>>> url = ldap://10.64.11.199
>>> tree_dn = cn=accounts,dc=mydomain,dc=com
>>> user_tree_dn = cn=users,cn=accounts,dc=mydomain,dc=com
>>> user_objectclass = person
>>> user_name_attribute = uid
>>> user_id_attribute = uid
>>> tenant_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
>>> tenant_objectclass = posixgroup
>>> tenant_id_attribute = cn
>>> tenant_name_attribute = cn
>>> tenant_member_attribute = member
>>> role_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com
>>> role_objectclass = posixgroup
>>> role_id_attribute = cn
>>> role_name_attribute = cn
>>> role_member_attribute = member
>>> user = uid=sudo,cn=sysaccounts,cn=etc,dc=mydomain,dc=com
>>> password = mysudopassword
>>> suffix = cn=mydomain,cn=com
>>>
>>> [identity]
>>> driver = keystone.identity.backends.ldap.Identity
>>>
>>> It seems that keystone LDAP requires role nodes to be the children of tenant
>>> nodes. But FreeIPA has a flat structure.
>>>
>>> --
>>> 邱剑
>>> Meituan Technology Department, System Operations Group - Systems Engineer
>>> Mobile: 1381129925
>>> Email: [email protected]
>>>
>>> On Sep 22, 2012, at 12:27 PM, 邱剑 wrote:
>>>
>>>> Hi,
>>>>
>>>> I was working on using LDAP of FreeIPA as backend of Keystone.
>>>>
>>>> User and tenant information can be fetched from LDAP. However, I could
>>>> not figure out how to assign roles to users in specific tenants. I'm
>>>> wondering whether someone can help?
>>>>
>>>> I noticed that Mr. Adam Young had posted a blog about this topic:
>>>>
>>>> http://adam.younglogic.com/2012/09/ldaps-against-a-freeipa-server/
>>>>
>>>> However, it did not show how to import roles in LDAP. I'm wondering
>>>> whether there is any progress about this?
>>>>
>>>> Many thanks.
>>>>
>>>> keystone in use was the latest master branch on github on Sep 21, 2012.
>>>>
>>>> Jian Qiu
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~openstack
>>>> Post to : [email protected]
>>>> Unsubscribe : https://launchpad.net/~openstack
>>>> More help : https://help.launchpad.net/ListHelp
>>>
>>> --
>>> Huang Shuquan (黄舒泉)
>>> Software Institute of Nanjing University Nanjing, P.R.China
>>> Mobile: 86 137 7086 4433
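The layout mismatch discussed in this thread, as an added example that is not part of the original messages and is not Keystone's code: a simplified Python model of the lookup Adam describes (a role is an entry directly under the tenant entry, with the user listed in its member attribute), run against a nested tree and against the flat FreeIPA groups tree. The user `alice`, the tenant `demo`, the entries themselves and the assumption that `member` holds full user DNs are constructed for illustration.

```python
# Simplified model (not Keystone's code) of the lookup described in the thread:
# a role is an entry directly under the tenant entry, and a user holds the
# role when the user's DN appears in the role's member attribute.
# All entries below are constructed sample data.

BASE = "cn=accounts,dc=mydomain,dc=com"
USER = f"uid=alice,cn=users,{BASE}"      # hypothetical user
TENANT = f"cn=demo,cn=groups,{BASE}"     # hypothetical tenant


def parent_dn(dn):
    """Return the parent DN (assumes no escaped commas in RDN values)."""
    return dn.split(",", 1)[1] if "," in dn else ""


def roles_in_tenant(directory, tenant_dn, user_dn, member_attr="member"):
    """Names of the roles the user holds in the tenant under the nested layout."""
    roles = []
    for dn, attrs in directory.items():
        if parent_dn(dn).lower() != tenant_dn.lower():
            continue  # not a direct child of the tenant, so not one of its roles
        if user_dn in attrs.get(member_attr, []):
            roles.append(attrs["cn"][0])
    return sorted(roles)


# Nested layout: the role entry is a child of the tenant entry.
NESTED = {
    TENANT: {"cn": ["demo"], "member": [USER]},
    f"cn=admin,{TENANT}": {"cn": ["admin"], "member": [USER]},
}

# Flat FreeIPA layout from the thread: tenant and role are sibling groups
# under cn=groups, so nothing ties the 'admin' group to a tenant.
FLAT = {
    TENANT: {"cn": ["demo"], "member": [USER]},
    f"cn=admin,cn=groups,{BASE}": {"cn": ["admin"], "member": [USER]},
}

if __name__ == "__main__":
    print("nested:", roles_in_tenant(NESTED, TENANT, USER))
    print("flat:  ", roles_in_tenant(FLAT, TENANT, USER))
```

With `tenant_tree_dn` and `role_tree_dn` both pointing at `cn=groups,cn=accounts,...`, the flat case is what the posted configuration produces: the user is a member of an `admin` group, but no role is resolved for any tenant.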

