| *** marlinc is now known as Guest7471 | 00:18 | |
| *** osmanlicilegi is now known as Guest7485 | 00:18 | |
| *** lbragstad8 is now known as lbragstad | 04:48 | |
| *** tobias-urdin5 is now known as tobias-urdin | 06:03 | |
| mkarpiarz | Hi all! With Keysone using LDAP as the identity provider, where are assignments between users and resources (for example quotas) stored? | 09:07 |
|---|---|---|
| mkarpiarz | I understand that LDAP users exist in LDAP and not the SQL database so other tables can't simply refer to them by a key, right? | 09:09 |
| mkarpiarz | Also, I know quotas are project specific so I'd also like to know where and how LDAP organisation-to-resources are stored. | 09:11 |
| tv1 | I have a question regarding federation; | 09:40 |
| *** tv1 is now known as Kvisle | 09:40 | |
| Kvisle | I am integrating with multiple KeyCloak-instances using SAML. I'm using mod_auth_mellon to absorb the saml-part. | 09:42 |
| Kvisle | This works great for a single identity provider, but I can't really see how I can do this with a second identity provider without adding a new protocol (named acme_saml2 or so) ... Because of the websso-endpoint that only includes the protocol-endpoint without the identity-provider-endpoint. | 09:42 |
| Kvisle | erh; Because of the websso-endpoint only including protocol, not identity-provider. Example: <Location "/v3/auth/OS-FEDERATION/websso/saml2"> | 09:42 |
| Kvisle | I have found that I can create a custom protocol that does saml (acme_saml2), but I need to register an entry point -- which I have successfully done by editing /usr/lib/python3.9/site-packages/keystone-21.0.0-py3.9.egg-info/entry_points.txt ... however, that would be reverted when I upgrade the package, so I am assuming I am doing something wrong | 09:44 |
| Kvisle | Can anyone here point me in the right direction? What am I missing/doing wrong? | 09:44 |
| *** dviroel_ is now known as dviroel | 11:38 | |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Add an option to randomize LDAP urls list https://review.opendev.org/c/openstack/keystone/+/821086 | 12:34 |
| *** dasm|off is now known as dasm | 13:31 | |
| *** dviroel is now known as dviroel|lunch | 15:29 | |
| *** dviroel|lunch is now known as dviroel | 16:38 | |
| *** dviroel is now known as dviroel|out | 21:22 | |
| *** dasm is now known as dasm|off | 22:03 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!