[QUOTE=rhafer;25687]For read-only LDAP/AD access it’s probably best to use the keystone hybrid backend. Crowbar currently expects to be able to create/modify some users in keystone. Those are mainly the default “admin” and “crowbar” users plus some service specific users for the various openstack services. The hybrid backend solves that by storing those users in the SQL database while taking all other users from the LDAP/AD database. We released that backend recently for Cloud 4 as part of a maintenance update for the keystone packages. So make sure to have the latest updates installed.
For the hybrid backend please set the drivers to: “keystone.identity.backends.hybrid.Identity” and “keystone.assignment.backends.hybrid.Assignment”. Configure the rest of the LDAP options as “normal”.
More information on the hybrid backend can be found here: https://github.com/SUSE-Cloud/keystone-hybrid-backend
An update of the respective chapter of the deployment guide is also planned AFAIK.[/QUOTE]
Thank you for the advice. I did manage to connect to the AD by following both the GitHub guide and the official SUSE doc. With the “keystone user-list” command I can retrieve the list of AD users. But I’m no longer able to log in as Admin. I get this error in the keystone.log:
WARNING keystone.common.wsgi [-] Could not find project, demo.
Before I try to enable AD users in SUSE Cloud I would like to find out what the problem is. Do you have an idea?