openstack team mailing list archive

Thread
Date

Re: swauth_novaldap released

To: Greg Holt <gholt@xxxxxxxxxxxxx>
From: Akira YOSHIYAMA <yosshy@xxxxxxxxxxxx>
Date: Sat, 4 Jun 2011 20:13:47 +0900
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <93019FE0-9994-400A-B115-EE12F1102FEF@rackspace.com>

Hi Greg,

Thank you for your response.

On Fri, 3 Jun 2011 09:53:01 -0500
Greg Holt <gholt@xxxxxxxxxxxxx> wrote:

> Very, very cool!
> 
> Just curious, what's the reason for the account, user -> user, account switch in swift3.py?

The format of Authorization header of S3 API is below:

	Authorization: LOW Accesskey:Secret

And accesskey of Nova is below:

	AccessKey = User:Project

So, Authorization header of Swift3 forms:

	Authorization: LOW User:Project:secret

swauth_novaldap presumed that projects of Nova are accounts of Swift, so
that header is User:Account:secret. So, we have to change that code
from account,user,_junk to user,account,_junk.

Best regards,
   Akira YOSHIYAMA <yosshy@xxxxxxxxxxxx>

> On Jun 3, 2011, at 9:25 AM, Akira YOSHIYAMA wrote:
> 
> > Hi Stackers,
> > 
> > I'm pleased to announce swauth_novaldap, an auth-n/z driver for Swift
> > to use Nova user/profile data in LDAP.
> > 
> > 	http://www.debian.or.jp/~yosshy/swauth_novaldap/
> > 
> > swauth_novaldap has 2 benefits:
> > 
> > * Nova and Swift share their user and group information.
> > * Swift can use LDAP as a store for user and group information. So, you
> >  can manage user and group of Swift with your LDAP administration
> >  tools. 
> > 
> > Note:
> > swauth_novaldap doesn't use user's password but secret key of Nova
> > user.
> > 
> > Best regards,
> >  Akira YOSHIYAMA <yosshy@xxxxxxxxxxxx>

References

swauth_novaldap released
From: Akira YOSHIYAMA, 2011-06-03
Re: swauth_novaldap released
From: Greg Holt, 2011-06-03