Enabling multi domain setup for keystone and horizon.

This document (7019032) is provided subject to the disclaimer at the end of this document.


SUSE OpenStack Cloud 7


Enabling multidomain setup


Create new domain

Enabling and creating a new domain could be done via ldap.yaml.


Barclamp: keystone

        domain_specific_drivers: true
          url: ldaps://ldap.example.com
          suffix: dc=example,dc=com
          user_tree_dn: ou=accounts,dc=example,dc=com
          user_objectclass: posixAccount
          user_id_attribute: uid
          user_name_attribute: uid
          group_tree_dn: ou=accounts,dc=example,dc=com
          group_objectclass: posixGroup
          group_id_attribute: gidNumber
          group_name_attribute: cn
          group_member_attribute: memberUid
          group_members_are_ids: true
          tls_cacertdir: "/etc/ssl/certs"

Barclamp: horizon

        multi_domain_support: true

To create and commit the barclamp changes:

    crowbar batch build ldap.yaml

To verify this works, it is possible to list domain users as follows:
    openstack user list --domain <ldap_users>

Assign Role to a user in a Domain

The following commands will show all required information:

    openstack domain list
    openstack role list
    openstack user list --domain

    openstack role add \
    --user <user_id> \
    --domain <domain_id> \

Assign Role to a group in a project

    openstack role add \
    --group mygroup \
    --group-domain ldap_users \
    --project myproject \


Additional Information

more information about the ldap settings can be found in the OpenStack documentation


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7019032
  • Creation Date: 23-May-2017
  • Modified Date:03-Mar-2020
    • SUSE Open Stack Cloud

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center