[Cyberduck-trac] [Cyberduck] #7551: How can I integrate Active Directory in OpenStack using Keystone?

Cyberduck trac at trac.cyberduck.ch
Tue Nov 5 11:50:49 UTC 2013


#7551: How can I integrate Active Directory in OpenStack using Keystone?
-----------------------------+-----------------------
    Reporter:  vinoth kumar  |      Owner:  dkocher
        Type:  enhancement   |     Status:  new
    Priority:  highest       |  Milestone:  5.0
   Component:  openstack     |    Version:  4.4
    Severity:  critical      |   Keywords:  openstack
Architecture:  Intel         |   Platform:  Windows 7
-----------------------------+-----------------------
 How can I integrate Active Directory in OpenStack using Keystone?

 As per my analysis of OpenStack and AD integration, there are two ways of
 integrating, as suggested on this question about Swift, and I haven't
 managed to successfully integrate AD with my OpenStack installation.

 The suggestions for Swift are:

 1) If your existing system is using LDAP or Active Directory, consider
 using the OpenStack Identity service backing on to this - it integrates
 well with swift.

 2) If you have a 'special' system that has its own API, you can write a
 small module to put in the swift pipeline to handle the authorization
 decisions. You can find an example of how to develop a module in the
 OpenStack Operations Guide "Customize" chapter.

 I have been trying the first option for the last 4 days, because there are
 two types of attributes for the tenant specially used for the integration
 as the Keystone back end, which are as follows:

 a) AD tenant object creation with Class Organizationunit and change the
 keystone.conf as per this setup: When we try to log in via Horizon it says
 "Unable to authenticate using available projects." and this shows
 authentication is happening and authorization is not happening using
 tenant, role, user integration. Also it's not allowing to bind any with any
 service, as the authorization is not completing because it is not able to
 authenticate using existing projects. The attached file with the keystone
 log for this setup will give more clarity of information.

 b) AD tenant object creation with Class groupOfNames and change the
 keystone.conf as per this setup. When we use this setup via Horizon it
 says "Unable to retrieve authorized projects." and it stops. The attached
 file with the keystone log for this setup will give more clarity of
 information.

 Whereas with both setups, from the command line we can just list
 user, tenant and role objects using the ADMIN token … and this active
 directory is successfully happening.

-- 
Ticket URL: <https://trac.cyberduck.ch/ticket/7551>
Cyberduck <http://cyberduck.ch>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

