Hello to all!
Before the release of version grizzly 3, the suggested schema in the
openstack documentation
(http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-keystone-for-ldap-backend.html)
worked fine. This is the suggested schema:
dn: cn=openstack,cn=org dc: openstack objectClass: dcObject objectClass:
organizationalUnit ou: openstack dn: ou=Groups,cn=openstack,cn=org
objectClass: top objectClass: organizationalUnit ou: groups dn:
ou=Users,cn=openstack,cn=org objectClass: top objectClass:
organizationalUnit ou: users dn: ou=Roles,cn=openstack,cn=org objectClass:
top objectClass: organizationalUnit ou: rolesBut after the release of the
version grizzly 3 I think that's not enough anymore, mainly because of the
"domain" concept.
I'm kind of lost trying to make LDAP work with keystone now...does anyone
succeed in this?
I created a new dn, something like:
dn: ou=Domains,cn=openstack,cn=org objectClass: top objectClass:
organizationalUnit ou: DomainsBut when I run the "keystone-manage db_sync"
the "default" domain isn't created in the LDAP...When I manually create the
domain in there, I have a problem with authentication...
I think I must be doing something wrong, does anyone have a light?
Thanks in advance,
Marcelo M. Miziara
marcelo.miziara@xxxxxxxxxxxxx -
"Esta mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO),
empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é
enviada exclusivamente a seu destinatário e pode conter informações
confidenciais, protegidas por sigilo profissional. Sua utilização
desautorizada é ilegal e sujeita o infrator às penas da lei. Se você a
recebeu indevidamente, queira, por gentileza, reenviá-la ao emitente,
esclarecendo o equívoco."
"This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) --
a government company established under Brazilian law (5.615/70) -- is
directed exclusively to its addressee and may contain confidential data,
protected under professional secrecy rules. Its unauthorized use is illegal
and may subject the transgressor to the law's penalties. If you're not the
addressee, please send it back, elucidating the failure."