Most organizations use Microsoft Active Directory as their user directory and identity management system, where Active Directory is responsible for authenticating and authorizing users and applications. When deploying OpenStack, Keystone can use Microsoft Active Directory as a centralized identity management system, so all of the organization's user accounts are stored in a single directory and OpenStack can retrieve existing user accounts.
In this section, we will configure Keystone to use an existing Microsoft Active Directory in a read-only LDAP configuration. In this configuration, Keystone can retrieve user accounts from Microsoft Active Directory without requiring any change to the Active Directory schema or user accounts.
In this configuration, Keystone uses Microsoft Active Directory to store user accounts, and a MariaDB server to store assignments of roles, domains...
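
The split described above (users read from Active Directory over LDAP, assignments kept in SQL) can be expressed in `keystone.conf` roughly as follows. This is an added illustration, not configuration taken from the original text: the host name, DNs, CA path and password are placeholders, and the bind account is assumed to hold only read permissions in the directory.

```ini
# /etc/keystone/keystone.conf
# Constructed example: host names, DNs, paths and the password are placeholders.

[identity]
# User accounts are looked up in Active Directory through LDAP.
driver = ldap

[assignment]
# Role assignments stay in the SQL backend (the MariaDB server).
driver = sql

[ldap]
# Use LDAPS so the bind password and user data are not sent in clear text.
url = ldaps://dc01.example.com
# Dedicated service account; assumed to have read-only rights in AD.
user = CN=svc-keystone,OU=Service Accounts,DC=example,DC=com
password = REPLACE_ME
suffix = DC=example,DC=com
query_scope = sub

# Require and verify the domain controller's certificate.
tls_cacertfile = /etc/ssl/certs/example-ca.pem
tls_req_cert = demand

# Map Keystone user attributes onto the existing AD schema (no schema change).
user_tree_dn = OU=Users,DC=example,DC=com
user_objectclass = person
user_id_attribute = cn
user_name_attribute = sAMAccountName
user_mail_attribute = mail

# AD marks disabled accounts with bit 2 of userAccountControl.
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
```

Because the file holds the bind password, restrict it to the `keystone` service user, and grant the bind account no write permissions in Active Directory so the directory stays read-only even if Keystone is compromised.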