
openstack team mailing list archive

Re: [Keystone] Quotas: LDAP Help


On 07/25/2012 05:32 PM, Adam Young wrote:
On 07/25/2012 10:19 AM, Ionuț Arțăriși wrote:


I just wanted to add a bit to this thread. We're currently working on a hybrid backend between LDAP and SQL. I have a working version for a specific setup in which the user accounts are stored in LDAP, but tenants and roles are all stored in SQL together with other openstack user accounts such as the nova admin account.

I basically just Frankensteined the two backends together for user processing and left everything else to be handled by the SQL backend. I'd like to hear other people's opinion on this or alternative implementations.

Are tenants completely in the SQL DB? If so, how do you list tenants for a given user?

Do you copy users from LDAP to SQL for anything?

Urgh, sorry for the late answer.

Tenants are all in the SQL DB and no users are copied from LDAP to SQL.

For listing tenants for a given user, right now we have a hacky get_tenants_for_user method which can be configured/rewritten by the sysadmin. We have a sample method which adds a pre-configured tenant to the existing list of tenants (from SQL) for use cases like: make all LDAP users part of tenant X.
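
A sketch of the get_tenants_for_user hook described in the message above, added here as an example; it is not code from Keystone or from the poster. The SQLite schema, the dict standing in for the LDAP directory, and the tenant and user names are all constructed assumptions. It shows the default tenant being granted only to identities that actually resolve in LDAP, so SQL-only service accounts and unknown users do not pick it up.

```python
import sqlite3

# Constructed stand-in for the LDAP directory: user id -> DN.
LDAP_USERS = {
    "alice": "uid=alice,ou=people,dc=example,dc=org",
    "bob": "uid=bob,ou=people,dc=example,dc=org",
}
DEFAULT_LDAP_TENANT = "tenant-x"  # hypothetical pre-configured tenant id


def make_sql_backend():
    """In-memory SQL store holding tenants, memberships and service accounts."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tenant (id TEXT PRIMARY KEY, enabled INTEGER NOT NULL);
        CREATE TABLE membership (user_id TEXT, tenant_id TEXT,
                                 PRIMARY KEY (user_id, tenant_id));
        CREATE TABLE sql_user (id TEXT PRIMARY KEY);
    """)
    db.executemany("INSERT INTO tenant VALUES (?, ?)",
                   [("tenant-x", 1), ("service", 1), ("research", 1)])
    db.executemany("INSERT INTO membership VALUES (?, ?)",
                   [("nova", "service"), ("alice", "research"), ("bob", "tenant-x")])
    db.execute("INSERT INTO sql_user VALUES ('nova')")
    return db


def get_tenants_for_user(db, user_id):
    """Tenants from SQL, plus the default tenant for users that exist in LDAP."""
    in_ldap = user_id in LDAP_USERS
    in_sql = db.execute("SELECT 1 FROM sql_user WHERE id = ?", (user_id,)).fetchone()
    if not (in_ldap or in_sql):
        return []  # unknown identity: no tenants, not even the default one
    rows = db.execute(
        "SELECT m.tenant_id FROM membership m JOIN tenant t ON t.id = m.tenant_id "
        "WHERE m.user_id = ? AND t.enabled = 1 ORDER BY m.tenant_id", (user_id,))
    tenants = [r[0] for r in rows]
    # Only LDAP-backed users get the pre-configured tenant; service accounts
    # stored in SQL (such as nova) keep exactly what SQL says.
    if in_ldap and DEFAULT_LDAP_TENANT not in tenants:
        tenants.append(DEFAULT_LDAP_TENANT)
    return tenants
```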