openstack
/
keystone
Code Issues Proposed changes

Merge "docs: Clarify lack of LDAP assignment back end"

This commit is contained in:
Zuul 2023-08-04 16:31:30 +00:00 committed by Gerrit Code Review
parent 0fc14e6fcb dabaef7c33
commit 56c1beee76
1 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/source/admin/integrate-with-ldap.inc
View File

@ -17,20 +17,12 @@ authorization (using the *assignment* feature). OpenStack Identity only
supports read-only LDAP integration.
The *identity* feature enables administrators to manage users and groups
by each domain or the OpenStack Identity service entirely.
by each domain or the OpenStack Identity service entirely. This is
supported by the LDAP identity back end.
The *assignment* feature enables administrators to manage project role
authorization using the OpenStack Identity service SQL database, while
providing user authentication through the LDAP directory.
.. NOTE::
It is possible to isolate identity related information to LDAP in a
deployment and keep resource information in a separate datastore. It is not
possible to do the opposite, where resource information is stored in LDAP
and identity information is stored in SQL. If the resource or assignment
back ends are integrated with LDAP, the identity back end must also be
integrated with LDAP.
authorization using the OpenStack Identity service SQL database. There
is no assignment back end for LDAP.
Identity LDAP server set up
---------------------------