On Fri, Nov 15, 2013 at 3:01 PM, Adam Young <ayo...@redhat.com> wrote:
> On 11/15/2013 11:15 AM, Ben Nemec wrote:
>
> This list is for development discussion only. Since this sounds like a
> question specific to RHEL, might I suggest you ask it on
> http://openstack.redhat.com/forum/ ?
>
> Nah, this is legit.

Thanks Adam, I did post a question in the Red Hat forum but so far I have not got a reply.

> Thanks.
>
> -Ben
>
> On 2013-11-15 10:13, Abhishek Lahiri wrote:
>
>> I have installed openstack-keystone-2013.2-0.11.b3.el6.noarch rpm and I
>> added an Active Directory user "test123" with role admin and tenant admin
>> successfully. In Keystone.conf identity is pointed to ldap and assignment
>> is pointed to SQL. I sourced the keystonerc file with the correct credentials
>> for user test123 and am then trying to run keystone commands.
>>
>> However when I run keystone get-token it gives me the following error:
>> Authorization Failed: An unexpected error prevented the server from
>> fulfilling your request. {'info': '000020D6: SvcErr: DSID-031007DB, problem
>> 5012 (DIR_ERROR), data 0\n', 'desc': 'Operations error'} (HTTP 500)
>
> So, yes, if you do not explicitly supply the assignments backend, and
> the frontend is specified to be LDAP, we assume the assignments backend is
> LDAP as well. The reason is to avoid breaking backwards compat for people
> that already have LDAP working under Grizzly and are upgrading.

I do point Assignment explicitly to the sql backend and Identity to the ldap backend. Using the admin token I can also do a user list against AD successfully. But as I said, when I unset the ADMIN token and source the keystonerc file with the username/password of the AD user I get this error. This is the same AD user that I am using for keystone to bind to AD (and therefore is used when I use the ADMIN token - this proves that the credentials in the keystonerc file are valid).
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev