Determining subtrees for Keystone LDAP integration

Asked by Fatih Güçlü Akkaya on 2012-02-14


I am trying to use our existing user database for keystone. Since the schemas are not the same, I tried to leverage LDAP by matching a predefined keystone schema with the existing database schema using back-sql. So far I am successful at integrating keystone with an OpenLDAP server (ver 2.4.23) using a MySQL database as backend. However, while investigating the code for keystone LDAP integration I realized that on the LDAP side two subtrees, ou=Groups,dc=example,dc=com and ou=User,dc=example,dc=com, must be defined. However, I want keystone to look for subtrees under the domain that I defined myself. I know that this is a configuration issue in the keystone.conf for the LDAP backend part. Can you show me a sample configuration which uses values for LDAP DNs defined by the user?


Joseph Heck (heckj) said : #1


Adam Young is re-implementing the LDAP support for the new baseline of keystone that just landed, and is documenting some of this thought work at for the implementation he's planning on landing in the very near future. I'd suggest taking a look at it to see if that re-implementation answers your question.

