Jump to: navigation, search

HowtoIntegrateKeystonewithAD

Revision as of 00:00, 1 January 1970 by (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

How to integrate Keystone with Active Directory

<SOME TEXT>

Structure (3 different trees for each identity type)

Windows 2008 schema (includes services for unix) Users (OU=Users) AdminUser @id @name @mail DemoUser @id @name @mail Tenants(OU=Tenants) DemoTenant @id @name @description member(AdminUser,DemoUser) AdminRole roleOccupant(AdminUser) MemberRole roleOccupant(DemoUser) Roles(OU=Roles) AdminRole @id @name MemberRole @id @name

Changes on organizationalRole to have groupOfNames as a possible superior

In ADSI Edit go to schema Open CN=Organizational-Role In attribute editor edit possSuperiors Add groupOfNames in the values and click OK

Retrieved from "https://wiki.openstack.org/w/index.php?title=HowtoIntegrateKeystonewithAD&oldid=6752"