openstack
/
keystone
Code Issues Proposed changes

docs: Clarify lack of LDAP assignment back end 

The LDAP assignment backend was removed in Mitaka(!) [1] and should no
longer be referenced.

Change-Id: I14a4d7fdbaee81792a1ccf9b3bcf5f2d8e237da5
This commit is contained in:
Mark Goddard 2023-07-04 13:37:36 +01:00
parent a2f0236e81
commit dabaef7c33
1 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/source/admin/integrate-with-ldap.inc
View File

@ -17,20 +17,12 @@ authorization (using the *assignment* feature). OpenStack Identity only
supports read-only LDAP integration. supports read-only LDAP integration.
The *identity* feature enables administrators to manage users and groups The *identity* feature enables administrators to manage users and groups
by each domain or the OpenStack Identity service entirely. by each domain or the OpenStack Identity service entirely. This is
supported by the LDAP identity back end.
The *assignment* feature enables administrators to manage project role The *assignment* feature enables administrators to manage project role
authorization using the OpenStack Identity service SQL database, while authorization using the OpenStack Identity service SQL database. There
providing user authentication through the LDAP directory. is no assignment back end for LDAP.
.. NOTE::
It is possible to isolate identity related information to LDAP in a
deployment and keep resource information in a separate datastore. It is not
possible to do the opposite, where resource information is stored in LDAP
and identity information is stored in SQL. If the resource or assignment
back ends are integrated with LDAP, the identity back end must also be
integrated with LDAP.
Identity LDAP server set up Identity LDAP server set up
--------------------------- ---------------------------