Re: [Openstack] FreeIPA LDAP + Keystone question: How to assign roles to user?

Hi Adam, Can the keystone use MS AD Server as back end now? 2012/9/25 Adam Young ayo...@redhat.com On 09/24/2012 10:45 PM, 邱剑 wrote: Thanks. Adam. Is there any way to configure FreeIPA LDAP to have this structure? Yes there is. I originally wrote it up here:

Re: [Openstack] FreeIPA LDAP + Keystone question: How to assign roles to user?

Thanks. Adam. I saw in your blog Keystone Roles are not yet implemented. In order to make OpenStack work, it seems I have to assign admin role to some users On Sep 25, 2012, at 11:01 PM, Adam Young wrote: On 09/24/2012 10:45 PM, 邱剑 wrote: Thanks. Adam. Is there any way to configure

Re: [Openstack] FreeIPA LDAP + Keystone question: How to assign roles to user?

Openstack services need user account with 'admin' role. But I could not figure out how FreeIPA propagate 'role' into Keystone. That's why I'm asking the question in mailing list. On Sep 24, 2012, at 11:30 AM, spring wrote: Thanks qiujian! By using this configuration, can we log in through

Re: [Openstack] FreeIPA LDAP + Keystone question: How to assign roles to user?

Role is grouped in the collection under the Tenant, with the userid in the members attribute for that role. On 09/24/2012 03:18 AM, ?? wrote: Openstack services need user account with 'admin' role. But I could not figure out how FreeIPA propagate 'role' into Keystone. That's why I'm

Re: [Openstack] FreeIPA LDAP + Keystone question: How to assign roles to user?

Thanks. Adam. Is there any way to configure FreeIPA LDAP to have this structure? Many thanks. On Sep 24, 2012, at 11:10 PM, Adam Young wrote: Role is grouped in the collection under the Tenant, with the userid in the members attribute for that role. On 09/24/2012 03:18 AM, 邱剑 wrote:

Re: [Openstack] FreeIPA LDAP + Keystone question: How to assign roles to user?

BTW, here is my configuration: [ldap] url = ldap://10.64.11.199 tree_dn = cn=accounts,dc=mydomain,dc=com user_tree_dn = cn=users,cn=accounts,dc=mydomain,dc=com user_objectclass = person user_name_attribute = uid user_id_attribute = uid tenant_tree_dn = cn=groups,cn=accounts,dc=mydomain,dc=com

Re: [Openstack] FreeIPA LDAP + Keystone question: How to assign roles to user?

Thanks qiujian! By using this configuration, can we log in through dashboard? If I want to implement that, is there any other configuration I have to do? 2012/9/24 邱剑 qiuj...@meituan.com BTW, here is my configuration: [ldap] url = ldap://10.64.11.199 tree_dn = cn=accounts,dc=mydomain,dc=com

[Openstack] FreeIPA LDAP + Keystone question: How to assign roles to user?

Hi, I was working on using LDAP of FreeIP as backend of Keystone. User and tenants information can be fetched from LDAP. However, I could not figure out how to assign roles to users in specific tenants. I'm wondering whether someone can help? I noticed that Mr. Adam Young had post a blog