Merge "docs: Clarify lack of LDAP assignment back end"
This commit is contained in:
commit
56c1beee76
|
@ -17,20 +17,12 @@ authorization (using the *assignment* feature). OpenStack Identity only
|
||||||
supports read-only LDAP integration.
|
supports read-only LDAP integration.
|
||||||
|
|
||||||
The *identity* feature enables administrators to manage users and groups
|
The *identity* feature enables administrators to manage users and groups
|
||||||
by each domain or the OpenStack Identity service entirely.
|
by each domain or the OpenStack Identity service entirely. This is
|
||||||
|
supported by the LDAP identity back end.
|
||||||
|
|
||||||
The *assignment* feature enables administrators to manage project role
|
The *assignment* feature enables administrators to manage project role
|
||||||
authorization using the OpenStack Identity service SQL database, while
|
authorization using the OpenStack Identity service SQL database. There
|
||||||
providing user authentication through the LDAP directory.
|
is no assignment back end for LDAP.
|
||||||
|
|
||||||
.. NOTE::
|
|
||||||
|
|
||||||
It is possible to isolate identity related information to LDAP in a
|
|
||||||
deployment and keep resource information in a separate datastore. It is not
|
|
||||||
possible to do the opposite, where resource information is stored in LDAP
|
|
||||||
and identity information is stored in SQL. If the resource or assignment
|
|
||||||
back ends are integrated with LDAP, the identity back end must also be
|
|
||||||
integrated with LDAP.
|
|
||||||
|
|
||||||
Identity LDAP server set up
|
Identity LDAP server set up
|
||||||
---------------------------
|
---------------------------
|
||||||
|
|
Loading…
Reference in New Issue