Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/keystone-ad-integration.
This blueprint aims to automate the integration of Keystone with an AD (LDAP) backend. The ad-Integration tool will be a Python script that automates the configuration changes required to integrate Keystone with AD. It will also replicate the required OpenStack users, projects and roles in the AD backend and, finally, check whether the integration was successful.
This ad-Integration tool will support the following two ways of integration:
1. Read Only LDAP
In this mode the identity driver will be ldap while the assignment driver will be sql. Keystone will take its users from LDAP, but projects, roles and role assignments will use SQL as the backend. This is for enterprises that use AD (LDAP) and want to maintain a centralized repository for user credentials without changing their AD structure.
2. Only LDAP
In this mode both the identity and assignment drivers will be ldap. All users, projects, roles and role assignments will be maintained in AD (LDAP). This will require modifications to the AD structure.
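
The two driver combinations above, as an added example that is not code from this blueprint or from the Keystone project: it rewrites a keystone.conf for either mode and disables user writes to AD in the read-only case. The function name, mode names, sample file, OU layout and the ldaps:// requirement are assumptions of this example; the option names are those of Keystone's [identity], [assignment] and [ldap] sections in releases that shipped the LDAP assignment driver.

```python
import configparser
import io

# Constructed sample: a keystone.conf that still uses SQL for everything.
SAMPLE_CONF = """\
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
[identity]
driver = sql
[assignment]
driver = sql
"""

# Driver pair for each integration mode (mode names are this example's own).
MODES = {
    "read_only_ldap": {"identity": "ldap", "assignment": "sql"},
    "only_ldap": {"identity": "ldap", "assignment": "ldap"},
}

def apply_mode(conf_text, mode, ldap_url, bind_dn, suffix):
    """Return keystone.conf text rewritten for the chosen integration mode."""
    if mode not in MODES:
        raise ValueError("unknown mode: %s" % mode)
    # Assumption of this example: the bind to AD must not travel in cleartext.
    if not ldap_url.startswith("ldaps://"):
        raise ValueError("refusing cleartext LDAP bind: use ldaps://")
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    for section, driver in MODES[mode].items():
        if not conf.has_section(section):
            conf.add_section(section)
        conf.set(section, "driver", driver)
    if not conf.has_section("ldap"):
        conf.add_section("ldap")
    ldap = conf["ldap"]
    ldap.update({"url": ldap_url, "user": bind_dn, "suffix": suffix,
                 "user_tree_dn": "ou=Users," + suffix})
    # Read-only mode must never write users to AD; LDAP-only mode has to.
    writable = str(mode == "only_ldap")
    for op in ("create", "update", "delete"):
        ldap["user_allow_" + op] = writable
    if mode == "only_ldap":
        # Projects and roles live in AD too, so they need their own subtrees.
        ldap["project_tree_dn"] = "ou=Projects," + suffix
        ldap["role_tree_dn"] = "ou=Roles," + suffix
    out = io.StringIO()
    conf.write(out)
    return out.getvalue()
```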