Provision Samba AD domain with Fuel plugin

Registered by Adam Heczko

Currently, Fuel cannot provision Samba Active Directory (AD LDAP database, Kerberos realm) and switch Keystone to use it.
Enterprise customers would like to integrate OpenStack with their enterprise wide Active Directory environment in more 'native' way.
This scenario has the following advantages over 'classical' LDAP only approaches:
- allows securely integrate with AD domains while preserving read/write capability for Keystone
- allows management of users from within OpenStack as well as from Microsoft AD native tools
- allows optionally to use Kerberos for authentication and utilize Kerberos advantages: Single Sign On for improved user experience and security (no need to store clean text passwords in RC files)
Keystone+Samba AD connectivity with enterprise wide AD implementation could be preserved by utilizing Kerberos trust mechanism.
Establishing of Kerberos trusts between Keystone+Samba AD and enterprise wide AD is out of scope (although easily achievable as a post-deployment configuration option).

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Adam Heczko
Direction:
Needs approval
Assignee:
None
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.