On 04/23/2014 01:54 PM, Michael Hearn wrote:
> As I understand it, within an icehouse implementation of keystone
> when utilising a single LDAP server as the assignment backend, only
> one Domain (default) is supported.
> I believe there are plans to extend this ability in Juno but to what
> extent? Can anyone hint at the direction being taken? For example
> will keystone support a Domain 'organizational unit' in the LDAP schema?
The idea is that each Domain will live in a separate subtree, which is
potentially in a different LDAP server.
There is a start of this from the Horizon timeframe, but issues with
deconflicting UserIDs between multiple LDAP servers, or even different
SAML Sources in the Federation case, meant that we had to take a step
back. Dealing with the Id issue is an hour-long session at the OpenStack
Design summit.
> Many Thanks
> Mike
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack