Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, April 18 • 2:20pm - 3:00pm
LDAP Integration

Sign up or log in to save this to your schedule and see who's attending!

This session will include the following subject(s):

Keystone LDAP Integration for Enterprises:

In this proposal we present use cases for how Keystone needs to integrate with an enterprise's existing LDAP infrastructure. We have identified the following as valid use cases for which Keystone should be extended to ensure a seamless integration with existing LDAP environments:

1. A Keystone LDAP integration model whereby Keystone is integrating with a read-only LDAP and leveraging the contents of this LDAP for both authenticating users and also for authorization (e.g. project, roles, etc).

2. A Keystone LDAP integration model whereby Keystone is integrating into multiple LDAPs such that it utilizes a read-only LDAP for authenticating users and then leverages a separate read/write LDAP for performing authorization.

3. A Keystone LDAP integration model whereby Keystone is integrating into multiple LDAPs such that it utilizes a read-only LDAP for authenticating users and group information and then leverages a separate read/write LDAP for accessing projects and role information

4. A Keystone LDAP integration model whereby Keystone is integrating into multiple LDAPs such that it utilizes a read-only LDAP for authenticating users and then leverages a separate read/write SQL backend for performing authorization.

5. A Keystone LDAP integration model whereby a separate LDAP or SQL backend can be chosen for authentication/authorization for each domain and mechanism are in place to prevent leakage of sensitive data from one domain to another. Note: This topic will be covered in more detail in http://summit.openstack.org/cfp/edit/158.

6.Multiple Keystone Active Directory integration models that are similar to the ones listed above except integration is with Active Directory instead of other implementations of LDAP.

In this session our expectation is to discuss these use cases, receive feedback, and identify other use cases during the session as well.

(Session proposed by Brad Topol)


Thursday April 18, 2013 2:20pm - 3:00pm
B114

Attendees (60)