Configuring 'user_dn_key' and 'group_members_are_ids' LDAP parameters with Keystone in Red Hat OpenStack Platform 13

Solution In Progress - Updated -

Issue

  • Previously on Red Hat OpenStack Platform 10, the following LDAP variables were available:
user_dn_key = ou=people,dc=test,dc=example,dc=com
group_members_are_ids = true
  • However, on Red Hat OpenStack Platform 13, they are not available. They seem to be mandatory to make the LDAP backend work with Juniper Contrail.

  • On Red Hat OpenStack Platform 10, following the procedure "Integrate With Identity Service", the file /etc/keystone/domains/keystone.<domain>.conf on the OpenStack Platform controllers simply contained two more parameters: user_dn_key and group_members_are_ids.

  • These parameters were needed for Contrail to be able to use LDAP accounts.

  • 'user_dn_key' is an OpenLDAP key used to extract the user DN from an LDAP entry.

  • 'group_members_are_ids': if the members of the group objectclass are user IDs rather than DNs, set this to true.
    - This is the case when using posixGroup as the group objectclass and OpenDirectory.

  • Now, in the Red Hat OpenStack Platform 13 documentation, all the parameters are integrated into director except "user_dn_key" and "group_members_are_ids".
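
The sketch below is an added illustration, not Keystone source code and not part of the original article. It shows why group_members_are_ids matters for posixGroup: with the wrong setting, group membership, and any role assignment that depends on it, silently resolves to nothing. The function names, the sample entries and the use of uid as the user ID attribute are assumptions.

```python
# Added illustration; not Keystone code. All entries below are constructed.

def rdn_value(dn, attr="uid"):
    """Return the value of the leading RDN if it uses `attr`, else None.
    Simplified: does not handle escaped commas inside RDN values."""
    first = dn.split(",", 1)[0]
    key, sep, value = first.partition("=")
    if sep and key.strip().lower() == attr.lower() and value.strip():
        return value.strip()
    return None


def resolve_members(group_entry, member_attr, members_are_ids):
    """Map a group's member values to user IDs.

    members_are_ids=True:  values are already user IDs (posixGroup memberUid).
    members_are_ids=False: values are user DNs; the ID is read from the RDN.
    Returns (resolved_ids, unresolved_values).
    """
    resolved, unresolved = [], []
    for value in group_entry.get(member_attr, []):
        if members_are_ids:
            resolved.append(value)
            continue
        uid = rdn_value(value)
        if uid is None:
            unresolved.append(value)  # not a DN: membership is lost
        else:
            resolved.append(uid)
    return resolved, unresolved


# Constructed posixGroup entry: members are bare user IDs.
POSIX_GROUP = {"objectClass": ["posixGroup"], "cn": ["admins"],
               "memberUid": ["alice", "bob"]}

# Constructed groupOfNames entry: members are full DNs.
NAMES_GROUP = {"objectClass": ["groupOfNames"], "cn": ["admins"],
               "member": ["uid=alice,ou=people,dc=test,dc=example,dc=com",
                          "uid=bob,ou=people,dc=test,dc=example,dc=com"]}

if __name__ == "__main__":
    for flag in (True, False):
        print("posixGroup, members_are_ids =", flag, "->",
              resolve_members(POSIX_GROUP, "memberUid", flag))
    print("groupOfNames, members_are_ids = False ->",
          resolve_members(NAMES_GROUP, "member", False))
```
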

Environment

  • Red Hat OpenStack Platform 13
