openstack team mailing list archive
Re: [Keystone] Quotas: LDAP Help
On 07/25/2012 05:32 PM, Adam Young wrote:
> On 07/25/2012 10:19 AM, Ionuț Arțăriși wrote:
>> I just wanted to add a bit to this thread. We're currently working on
>> a hybrid backend between LDAP and SQL. I have a working version for a
>> specific setup in which the user accounts are stored in LDAP, but
>> tenants and roles are all stored in SQL together with other openstack
>> user accounts such as the nova admin account.
>> I basically just Frankensteined the two backends together for user
>> processing and left everything else to be handled by the SQL backend.
>> I'd like to hear other people's opinion on this or alternative
>
> Are tenants completely in the SQL DB? If so, how do you list tenants
> for a given user?
> Do you copy users from LDAP to SQL for anything?

Urgh, sorry for the late answer.
Tenants are all in the SQL DB and no users are copied from LDAP to SQL.
For listing tenants for a given user, right now we have a hacky
get_tenants_for_user method which can be configured/rewritten by the
sysadmin. We have a sample method which adds a pre-configured tenant to
the existing list of tenants (from SQL) for use cases like: make all LDAP
users part of tenant X.
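
The tenant lookup described in the message above, as an added example that is not code from the thread or from Keystone. It uses in-memory stand-ins for the LDAP and SQL stores; the class name, the tenant id and the choice to give the default tenant only to LDAP-sourced users (not to SQL service accounts such as nova) are assumptions of this sketch.

```python
# Added illustration: in-memory stand-ins, not Keystone code.
DEFAULT_LDAP_TENANT = "tenant-x"   # hypothetical pre-configured tenant id


class HybridIdentity:
    """Users come from LDAP or SQL; tenant membership lives only in SQL."""

    def __init__(self, ldap_users, sql_users, sql_memberships):
        self.ldap_users = set(ldap_users)        # stand-in for an LDAP search
        self.sql_users = set(sql_users)          # e.g. service accounts
        self.sql_memberships = sql_memberships   # user_id -> [tenant_id, ...]

    def user_source(self, user_id):
        # Assumption: SQL is checked first, so a service account cannot be
        # shadowed by an LDAP entry that happens to use the same id.
        if user_id in self.sql_users:
            return "sql"
        if user_id in self.ldap_users:
            return "ldap"
        return None

    def get_tenants_for_user(self, user_id):
        source = self.user_source(user_id)
        if source is None:
            # Unknown users get no implicit membership at all.
            raise LookupError("unknown user: %r" % user_id)
        tenants = list(self.sql_memberships.get(user_id, []))
        # Only LDAP-sourced users receive the pre-configured tenant,
        # and it is never listed twice.
        if source == "ldap" and DEFAULT_LDAP_TENANT not in tenants:
            tenants.append(DEFAULT_LDAP_TENANT)
        return tenants


def demo():
    # Constructed sample data.
    backend = HybridIdentity(
        ldap_users=["alice", "bob"],
        sql_users=["nova"],
        sql_memberships={"alice": ["research"], "bob": ["tenant-x"],
                         "nova": ["service"]},
    )
    return {u: backend.get_tenants_for_user(u) for u in ("alice", "bob", "nova")}


if __name__ == "__main__":
    print(demo())
```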