| author | Adam Young <ayoung@redhat.com> | 2012-03-07 16:04:32 -0500 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2012-03-13 19:30:39 -0400 |
| commit | 5b3e05bbabd5366461630327e4498fe582ff8ab7 (patch) | |
| tree | d44c07a6792f49f2b8b01ca3e3224d6db936370f /doc/source | |
| parent | e65a22c43a7fe44621080cee01f394c90b54320d (diff) | |
added LDAP section to architecture and architecture
https://bugs.launchpad.net/keystone/+bug/949521
Bug 949521
Change-Id: I2e37c0d946e3d97a2c4bc4bf4a50bd94466f70c2
Diffstat (limited to 'doc/source')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | doc/source/architecture.rst | 6 |
| -rw-r--r-- | doc/source/configuration.rst | 42 |
2 files changed, 45 insertions, 3 deletions
diff --git a/doc/source/architecture.rst b/doc/source/architecture.rst index b6498a08..97a68f4c 100644 --- a/doc/source/architecture.rst +++ b/doc/source/architecture.rst @@ -167,6 +167,12 @@ interpolation):: catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0 catalog.RegionOne.identity.name = 'Identity Service' + +LDAP Backend +----------------- +The LDAP backend stored Users and Tenents in separate Subtrees. Roles are recorded +as entries under the Tenants. + ---------- Data Model ---------- diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index 6e7c6875..95b2e0ad 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -6,7 +6,7 @@ not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT @@ -516,7 +516,7 @@ exmaple:: keyword arguments -* user <user-id> +* user <user-id> * role <role-id> * tenant_id <tenant-id> @@ -532,7 +532,7 @@ example:: keyword arguments -* user <user-id> +* user <user-id> * role <role-id> * tenant_id <tenant-id> 
@@ -595,3 +595,39 @@ example:: $ keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b + +Configuring the LDAP Identity Provider +=========================================================== + +As an alternative to the SQL Databse backing store, Keystone can Use a +Directory server to provide the Identity service. An example Schema +for openstack would look like this:: + + dn: cn=openstack,cn=org + dc: openstack + objectClass: dcObject + objectClass: organizationalUnit + ou: openstack + + dn: ou=Groups,cn=openstack,cn=org + objectClass: top + objectClass: organizationalUnit + ou: groups + + dn: ou=Users,cn=openstack,cn=org + objectClass: top + objectClass: organizationalUnit + ou: users + + dn: ou=Roles,cn=openstack,cn=org + objectClass: top + objectClass: organizationalUnit + ou: users + +The corresponding entries in the Keystone configuration file are:: + + [ldap] + url = ldap://localhost + suffix = dc=openstack,dc=org + user = dc=Manager,dc=openstack,dc=org + password = badpassword |
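Review bot: in the architecture.rst hunk (@@ -167,6) the new "LDAP Backend" paragraph has typos and describes a layout that disagrees with the schema this same change adds to configuration.rst: "stored" should be "stores", "Tenents" should be "Tenants", and the sentence says roles are recorded as entries under the tenants, while the example LDIF creates a separate `ou=Roles` subtree beside `ou=Users` and `ou=Groups`. Pick one description and use it in both files, e.g. `The LDAP backend stores Users and Tenants in separate subtrees.` followed by wherever roles actually live. The heading also uses an underline only, while the neighbouring "Data Model" heading uses overline plus underline; reStructuredText treats those as different heading levels, so "LDAP Backend" will not render as a sibling of "Data Model" unless it gets the same adornment.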
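Review bot: the @@ -6,7 hunk in configuration.rst changes only whitespace on the Apache license URL line (the removed and added lines are identical apart from trailing whitespace), which has nothing to do with the LDAP documentation this change is about; either drop the hunk or mention the whitespace cleanup in the commit message so the change stays explainable.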
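Review bot: the @@ -516,7 hunk (and the identical @@ -532,7 hunk) only strips trailing whitespace from `* user <user-id>` but leaves the misspelled context line `exmaple::` two lines above it untouched; since the hunk already touches this block, correcting it to `example::` here costs nothing.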
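Review bot: in the @@ -595,3 hunk the example schema and the `[ldap]` configuration do not agree on the directory's base DN: every entry in the LDIF is rooted at `cn=openstack,cn=org`, while the config sets `suffix = dc=openstack,dc=org` and binds as `dc=Manager,dc=openstack,dc=org`. The LDIF side is the one that looks wrong: the top entry carries `dc: openstack` and `objectClass: dcObject` but no `cn` attribute, so its RDN should be `dc=openstack`, i.e. `dn: dc=openstack,dc=org`, which then matches the suffix; the bind DN is also more plausibly `cn=Manager,dc=openstack,dc=org`, since `dc` is the domain-component attribute and not a name for an admin account. A second LDIF defect: the `ou=Roles` entry has `ou: users` copied from the entry above it, so the entry does not contain its own RDN value and a directory server will refuse to add it; it should read `ou: roles`. In the prose, "SQL Databse" should be "SQL Database", "can Use" should be "can use" and "Schema for openstack" should be "schema for OpenStack". Finally, `password = badpassword` puts a literal credential into a documented config file; use an obviously fake placeholder such as `password = <manager-password>` and add a sentence that the bind password is stored in clear text, so keystone.conf must not be readable by other users. The `[ldap]` example also never says how the backend locates the Users, Tenants and Roles subtrees shown in the schema; if the backend exposes options for those search bases, they belong in this example.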
