OpenStack Multi-Domain with LDAP backend

If you are using LDAP for authentication with single domain and want to move to multi-domain, you have to be careful with the user id and project id in OpenStack database.

If “openstack user list” show this before you migrate to multi-domain

+——————————————+———————-+
| ID | Name |
+——————————————+———————-+
| mmouse | Mickey Mouse |
| dduck  |Donald Duck |
…..

“openstack user list” will show this after the migration

+——————————————+———————-+
| ID | Name |
+——————————————+———————-+
| 607fba330dce552bcc34f0f821dabfcddbdf49f2635a9d8d372b5f0cad8ec00b |Mickey Mouse |
| 1b8a590adab6b707cae2a43d64552a1d0b000fe05431fcfde1c48742f966a1c3 |Donald Duck |

….

Because OpenStack use “ID” in database to associate all resources like cinder volume,  glance image, vm,  you will have to update all database that reference, eg “mmouse” to “607fba330dce552bcc34f0f821dabfcddbdf49f2635a9d8d372b5f0cad8ec00b”.  I don’t know if there is any migration tools available.

 

 

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s