[Cyberduck-trac] [Cyberduck] #7551: how can i integrate active directory in openstack using keystone ?
Cyberduck
trac at trac.cyberduck.ch
Tue Nov 5 11:50:49 UTC 2013
#7551: how can i integrate active directory in openstack using keystone ?
-----------------------------+-----------------------
Reporter: vinoth kumar | Owner: dkocher
Type: enhancement | Status: new
Priority: highest | Milestone: 5.0
Component: openstack | Version: 4.4
Severity: critical | Keywords: openstack
Architecture: Intel | Platform: Windows 7
-----------------------------+-----------------------
how can i integrate active directory in openstack using keystone ?
As per my analysis with Openstack and AD integration there are two ways of
integrating as suggested on this question about Swift and I haven't
managed to successfully integrate AD with my OpenStack installation.
The suggestions for Swift are:
1) If your existing system is using LDAP or Active Directory, consider
using the OpenStack Identity service backing on to this - it integrates
well with swift.
2) If you have a 'special' system that has its own API, you can write a
small module to put in the swift pipeline to handle the authorization
decisions. You can find an example of how to develop a module in the
OpenStack Operations Guide "Customize" chapter ()
I was trying for first option for last 4 days because there two type of
attributes for tenant specially used for the integration with as keystone
back end which are as follows:
a) AD tenant object creation with Class Organizationunit and change the
Keystone .conf as per this setup: When we try to login via Horizon it says
"Unable to authenticate using available projects." and this shows
Authentication is happening and authorization is not happening using
tenant,role,user integration. Also its not allowing to bind any with any
serivce as the authorization is not completing as it is not able to
authenticate using existing projects . Attached file with keystone log for
this setup will give more clarity of information.
b) AD tenant object creation with Class groupOfNames and change the
keystone.conf as per this setup. When we use this setup via Horizon it
says " Unable to retrieve authorized projects." and it stops . Attached
file with keystone log for this setup will give more clarity of
information.
where as from both the setup, from the command line we can just list
user,tenant, roles objects using ADMIN token … and this active directory
is successfully happening.
--
Ticket URL: <https://trac.cyberduck.ch/ticket/7551>
Cyberduck <http://cyberduck.ch>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list