| *** rlandy|bbl is now known as rlandy|out | 00:55 | |
| *** EugenMayer4 is now known as EugenMayer | 01:54 | |
| criehfer | we're closed. Gotta leave | 03:26 |
|---|---|---|
| criehfer | we're closed. you have to leave | 03:36 |
| *** rlandy|out is now known as rlandy | 10:25 | |
| *** soniya29 is now known as soniya29|afk | 12:27 | |
| LarsErikP | Hi! Do any of you have keystone integraded with AD, with working group member listing? | 12:45 |
| LarsErikP | everything works on my side, I can grant access to projects to AD-groups. But I can not list the actual group members.. | 12:45 |
| LarsErikP | I.e with "openstack user list --domain FOO --group foo-group" | 12:46 |
| LarsErikP | and the "openstack group contains user ..." command always returns "user not in group" | 12:46 |
| grami[m] | LarsErikP: I think most people will stay away from using AD as they see it as a corporate infrastructure rather then the product infrastructure, but it's really up to the company. It also I believe as I don't keep up with windows stuff that it keeps changing how the grouping works. My advice would be setup your own ldap and define the layout you need also maybe look at kerberos or even federation. | 13:11 |
| LarsErikP | hehe. MS specifically _don't_ change how anything works in AD, because that would literally break the entire enterprise wold. So that's not an issue :P | 13:14 |
| LarsErikP | And as I said. Everything works fine with auth etc. It's just "weird" that I can't list the group members; since keystone obviously are able to read group members elsewhere in the code (given that it works perfectly fine to grant project access to a group) | 13:16 |
| BedMan | I think you might be able to look at the authentication code to determine how it works, then backport that to the user list commands | 13:54 |
| BedMan | but it is coming at the problem from opposite points of view... | 13:54 |
| BedMan | so that might not cover it :( | 13:54 |
| *** soniya is now known as soniya|afk | 14:15 | |
| *** soniya|afk is now known as soniya | 15:11 | |
| *** rlandy is now known as rlandy|bbl | 22:36 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!