From dabaef7c331fbd0f5f66b9d98b0d03bb140e2a1e Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Tue, 4 Jul 2023 13:37:36 +0100 Subject: [PATCH] docs: Clarify lack of LDAP assignment back end The LDAP assignment backend was removed in Mitaka(!) [1] and should no longer be referenced. Change-Id: I14a4d7fdbaee81792a1ccf9b3bcf5f2d8e237da5 --- doc/source/admin/integrate-with-ldap.inc | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/doc/source/admin/integrate-with-ldap.inc b/doc/source/admin/integrate-with-ldap.inc index dbaf08bf30..158a228703 100644 --- a/doc/source/admin/integrate-with-ldap.inc +++ b/doc/source/admin/integrate-with-ldap.inc @@ -17,20 +17,12 @@ authorization (using the *assignment* feature). OpenStack Identity only supports read-only LDAP integration. The *identity* feature enables administrators to manage users and groups -by each domain or the OpenStack Identity service entirely. +by each domain or the OpenStack Identity service entirely. This is +supported by the LDAP identity back end. The *assignment* feature enables administrators to manage project role -authorization using the OpenStack Identity service SQL database, while -providing user authentication through the LDAP directory. - -.. NOTE:: - - It is possible to isolate identity related information to LDAP in a - deployment and keep resource information in a separate datastore. It is not - possible to do the opposite, where resource information is stored in LDAP - and identity information is stored in SQL. If the resource or assignment - back ends are integrated with LDAP, the identity back end must also be - integrated with LDAP. +authorization using the OpenStack Identity service SQL database. There +is no assignment back end for LDAP. Identity LDAP server set up ---------------------------