@billy yes I tried it, but nothing worked since the users in the trusted forest are listed as foreignsecurityprincipal object in Active directory and they cannot be treated as normal persons and neither listed with keystone. So no, I don't think that this is something that we can support. Users are listed with urls similar to that: LDAP://CN=S-1-5-21-100066778-12312342-412341235-513,CN=ForeignSecurityPrincipals,DC=domain,DC=com"
@billy yes I tried it, but nothing worked since the users in the trusted forest are listed as foreignsecurity principal object in Active directory and they cannot be treated as normal persons and neither listed with keystone. So no, I don't think that this is something that we can support. Users are listed with urls similar to that: LDAP:// CN=S-1- 5-21-100066778- 12312342- 412341235- 513,CN= ForeignSecurity Principals, DC=domain, DC=com"