keystone LDAP config for AD

keystone.conf

[ldap]
url = ldap://10.181.143.15
user = CN=Administrator,CN=Users,DC=rcbops,DC=me
password = hzQpjSTaS5Fg
suffix = DC=rcbops,DC=me
use_dumb_member = True
dumb_member = CN=Administrator,CN=Users,DC=rcbops,DC=me
user_tree_dn = CN=Users,DC=rcbops,DC=me
user_objectclass = person
user_id_attribute = cn
user_name_attribute = cn
user_mail_attribute = mail
user_enabled_attribute = userAccountControl
user_domain_id_attribute = businessCategory
user_enabled_mask = 2
user_enabled_default = 512
user_attribute_ignore = password,tenantId,tenants
user_allow_create = False
user_allow_update = False
user_allow_delete = False
tenant_tree_dn = OU=Tenants,DC=rcbops,DC=me
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_desc_attribute = description
tenant_enabled_attribute = extensionName
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
role_tree_dn = OU=Roles,DC=rcbops,DC=me
role_objectclass = organizationalRole
role_id_attribute = cn
role_name_attribute = ou
role_member_attribute = roleOccupant
role_allow_create = True
role_allow_update = True
role_allow_delete = True
group_attribute_ignore = enabled
domain_tree_dn = OU=Domains,DC=rcbops,DC=me
domain_objectclass = Group
domain_attribute_ignore = enabled
domain_enabled_emulation = True
domain_enabled_emulation_dn = OU=Domains,DC=rcbops,DC=me