On 11/15/2013 11:15 AM, Ben Nemec wrote:
This list is for development discussion only. Since this sounds like
a question specific to RHEL, might I suggest you ask it on
http://openstack.redhat.com/forum/ ?
Nah, this is legit.
Thanks.
-Ben
On 2013-11-15 10:13, Abhishek Lahiri wrote:
I have installed openstack-keystone-2013.2-0.11.b3.el6.noarch rpm
and I added a active directory user "test123" with role admin and
tenant admin successfully. In Keystone.conf identity is pointed
to ldap and assignment is pointed to SQL. I sourced keystonerc
file with the correct credentials for user test123 and then
trying to run a keystone commands.
However when I run keystone get-token if gives me the following
error:
Authorization Failed: An unexpected error prevented the server
from fulfilling your request. {'info': '000020D6: SvcErr:
DSID-031007DB, problem 5012 (DIR_ERROR), data 0\n', 'desc':
'Operations error'} (HTTP 500)
So, yes, if you do not explicitly supply the assignements backend, and
the frontend is specified to be LDAP, we assume the assignments backend
is LDAP as well. The reason is to avoid breaking backwards compat for
people that already have LDAP working under Grizzly and are upgrading.
I am not sure why keystone is still looking at the Active
Directory for authorization?
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org <mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
