[rhos-list] Support for multiple Identity backends in Keystone?
Jonathan Mills
jonmills at renci.org
Tue Sep 4 15:59:27 UTC 2012
From my testing, I gather it is not possible to use multiple Identity
backends in Keystone?
For example, a prime use case for this would be a company where a large
user base already exists in Active Directory or OpenLDAP, and all you
want to do is tap into that to provide Keystone with user accounts.
But you want to manage Tenants and Roles in the local SQL database.
There's a lot to be said for that.
However, I can find no way to chain load multiple Identity drivers in
keystone.conf:
[identity]
driver = keystone.identity.backends.ldap.core.Identity
driver = keystone.identity.backends.sql.Identity
Whichever is last is the one that is used. The example above uses only
SQL backend, and ignores LDAP.
Any thoughts on this?
--
Jonathan Mills
Systems Administrator
Renaissance Computing Institute
UNC-Chapel Hill
More information about the rhos-list
mailing list