c5728e0ebf
This content has three sections - two of which are shown on a different level which looks rather awkward. Move content to setup LDAP server in separate file and reference it properly. Fix also a wrong headline markup and indent. Rename identity-secure-identity-to-ldap-backend.rst to identity-secure-ldap-backend.rst. Adjust htaccess for that. Change-Id: I1a822304f1232211cc32f1b4553417dc2ccfeb45
1.1 KiB
Integrate Identity with LDAP
The OpenStack Identity service supports integration with existing LDAP directories for authentication and authorization services. LDAP back ends require initialization before configuring the OpenStack Identity service to work with it. For more information, see Setting up LDAP for use with Keystone.
When the OpenStack Identity service is configured to use LDAP back ends, you can split authentication (using the identity feature) and authorization (using the assignment feature).
The identity feature enables administrators to manage users and groups by each domain or the OpenStack Identity service entirely.
The assignment feature enables administrators to manage project role authorization using the OpenStack Identity service SQL database, while providing user authentication through the LDAP directory.
identity-ldap-server.rst identity-integrate-identity-backend-ldap.rst identity-secure-ldap-backend.rst