Comment 1 for bug 1251678

At the icehouse design summit, we had more agreement that LDAP should not be providing authorization data. Rather, keystone's SQL assignment backend is a more appropriate solution for mapping LDAP-based groups to OpenStack-specific roles. Would that be an appropriate solution here? (this is available as of havana)