My Favorites

Close

Please to see your favorites.

  • Bookmark
  • Email Document
  • Printer Friendly
  • Favorite
  • Rating:

Enabling multi domain setup for keystone and horizon.

This document (7019032) is provided subject to the disclaimer at the end of this document.

Environment

SUSE OpenStack Cloud 7

Situation

Enabling multidomain setup

Resolution

Create new domain

Enabling and creating a new domain could be done via ldap.yaml.

Proposals:

Barclamp: keystone

      attributes:
        domain_specific_drivers: true
        domain_specific_config:
          ldap_users:
        ldap:
          url: ldaps://ldap.example.com
          suffix: dc=example,dc=com
          user_tree_dn: ou=accounts,dc=example,dc=com
          user_objectclass: posixAccount
          user_id_attribute: uid
          user_name_attribute: uid
          group_tree_dn: ou=accounts,dc=example,dc=com
          group_objectclass: posixGroup
          group_id_attribute: gidNumber
          group_name_attribute: cn
          group_member_attribute: memberUid
          group_members_are_ids: true
          tls_cacertdir: "/etc/ssl/certs"

Barclamp: horizon

      attributes:
        multi_domain_support: true



To create and commit the barclamp changes:

    crowbar batch build ldap.yaml


To verify this works, it is possible to list domain users as follows:
    openstack user list --domain <ldap_users>

Assign Role to a user in a Domain

The following commands will show all required information:

    openstack domain list
    openstack role list
    openstack user list --domain

    openstack role add \
    --user <user_id> \
    --domain <domain_id> \
    <role>

Assign Role to a group in a project

    openstack role add \
    --group mygroup \
    --group-domain ldap_users \
    --project myproject \
    Member



Additional Information

more information about the ldap settings can be found in the OpenStack documentation
(https://docs.openstack.org/admin-guide/identity-integrate-with-ldap.html)

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7019032
  • Creation Date:23-MAY-17
  • Modified Date:07-DEC-17
    • NovellSUSE OpenStack Cloud

Did this document solve your problem? Provide Feedback

< Back to Support Search

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center