LDAP Authentication using compare() method
Scenario:
Enterprise utilises a centralised LDAP Direcory for SSO purposes. User management (creation, update, deletion etc... ) realised via LDAP BUI app. Keystone configured to authenticate against the Enterprise LDAP directory (read-only mode).
To:
i. minimise ldap traffic
ii. simplify the authentication process
iii. add flexability - giving an Enterprise the choice of authentication methods, specifically where internal security standards specify
...can a switch (e.g. in conf file) and additional updates to python code be made enabling keystone to use the compare() or bind() methods for authentication purposes.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- mrhearn
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- Morgan Fainberg
Related branches
Related bugs
Sprints
Whiteboard
While COMPARE is a bit better in some cases - this would a) need a spec, and b) need more discussion for compatibility/