主页
产品
Red Hat OpenStack Platform
17.1
将 OpenStack 身份与外部用户管理服务集成
5.4. 授予 admin 用户对 OpenStack 身份域的访问权限

5.4. 授予 admin 用户对 OpenStack 身份域的访问权限

要允许 admin 用户访问 OpenStack Identity (keystone)域 并查看域 选项卡，获取域和 admin 用户的 ID，然后将 admin 角色分配给域中的用户。

注意

这不授予 OpenStack admin 帐户对外部服务域的任何权限。在这种情况下，术语 domain 指的是 OpenStack 对 keystone 域的使用。

流程

此流程使用 LAB 域。使用您要配置的域的实际名称替换域名。

获取 LAB 域的 ID：

openstack domain show LAB

$ openstack domain show LAB
+---------+----------------------------------+
| Field   | Value                            |
+---------+----------------------------------+
| enabled | True                             |
| id      | 6800b0496429431ab1c4efbb3fe810d4 |
| name    | LAB                              |
+---------+----------------------------------+

Copy to Clipboard

Toggle word wrap

从 默认域 获取 admin 用户的 ID：

openstack user list --domain default | grep admin

$ openstack user list --domain default | grep admin
| 3d75388d351846c6a880e53b2508172a | admin      |

Copy to Clipboard

Toggle word wrap

获取 admin 角色的 ID：

openstack role list

$ openstack role list

Copy to Clipboard

Toggle word wrap

输出取决于您集成的外部服务：

Active Directory 域服务(AD DS)：

+----------------------------------+-----------------+
| ID                               | Name            |
+----------------------------------+-----------------+
| 01d92614cd224a589bdf3b171afc5488 | admin           |
| 034e4620ed3d45969dfe8992af001514 | member          |
| 0aa377a807df4149b0a8c69b9560b106 | ResellerAdmin   |
| 9369f2bf754443f199c6d6b96479b1fa | heat_stack_user |
| cfea5760d9c948e7b362abc1d06e557f | reader          |
| d5cb454559e44b47aaa8821df4e11af1 | swiftoperator   |
| ef3d3f510a474d6c860b4098ad658a29 | service         |
+----------------------------------+-----------------+

+----------------------------------+-----------------+
| ID                               | Name            |
+----------------------------------+-----------------+
| 01d92614cd224a589bdf3b171afc5488 | admin           |
| 034e4620ed3d45969dfe8992af001514 | member          |
| 0aa377a807df4149b0a8c69b9560b106 | ResellerAdmin   |
| 9369f2bf754443f199c6d6b96479b1fa | heat_stack_user |
| cfea5760d9c948e7b362abc1d06e557f | reader          |
| d5cb454559e44b47aaa8821df4e11af1 | swiftoperator   |
| ef3d3f510a474d6c860b4098ad658a29 | service         |
+----------------------------------+-----------------+

Copy to Clipboard

Toggle word wrap

Red Hat Identity Manager (IdM):

+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 544d48aaffde48f1b3c31a52c35f01f9 | SwiftOperator |
| 6d005d783bf0436e882c55c62457d33d | ResellerAdmin |
| 785c70b150ee4c778fe4de088070b4cf | admin         |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_      |
+----------------------------------+---------------+

+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 544d48aaffde48f1b3c31a52c35f01f9 | SwiftOperator |
| 6d005d783bf0436e882c55c62457d33d | ResellerAdmin |
| 785c70b150ee4c778fe4de088070b4cf | admin         |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_      |
+----------------------------------+---------------+

Copy to Clipboard

Toggle word wrap

使用 domain 和 admin ID 来构造命令，将 admin 用户添加到 keystone LAB 域的 admin 角色中：

openstack role add --domain 6800b0496429431ab1c4efbb3fe810d4 --user 3d75388d351846c6a880e53b2508172a 785c70b150ee4c778fe4de088070b4cf

# openstack role add --domain 6800b0496429431ab1c4efbb3fe810d4 --user 3d75388d351846c6a880e53b2508172a 785c70b150ee4c778fe4de088070b4cf

Copy to Clipboard

Toggle word wrap

返回顶部

5.4. 授予 admin 用户对 OpenStack 身份域的访问权限

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links