I think my LDAP bind is working, but tenant-list and user-list give me an admin_required error.
Looks like the LDAP admin user does not have any roles. Is that the issue?

# keystone discover
Keystone found at http://localhost:5000/v2.0/
    - supports version v2.0 (beta) here http://149.165.159.121:5000/v2.0/
root@i121:~# keystone service-list
+----+------+------+-------------+
| id | name | type | description |
+----+------+------+-------------+
+----+------+------+-------------+
root@i121:~# keystone user-list
No handlers could be found for logger "keystoneclient.client"
You are not authorized to perform the requested action: admin_required (HTTP 403)
root@i121:~# keystone tenant-list
No handlers could be found for logger "keystoneclient.client"
You are not authorized to perform the requested action: admin_required (HTTP 403)

> keystone.common.ldap.core): 2012-05-22 11:36:02,263 DEBUG LDAP init:
> url=ldap://ldap.project.org
> (keystone.common.ldap.core): 2012-05-22 11:36:02,263 DEBUG LDAP bind:
> dn=uid=user,ou=People,dc=project,dc=org
> (keystone.common.ldap.core): 2012-05-22 11:36:02,271 DEBUG LDAP search:
> dn=ou=ostenants,dc=project,dc=org, scope=1,
> query=(&(member=uid=admin,ou=People,dc=project,dc=org)(objectClass=groupOfNames))
> (root): 2012-05-22 11:36:02,425 DEBUG TOKEN_REF {'id':
> 'dfc4b2ecexxxd014x280d91efeecda06', 'expires': datetime.datetime(2012, 5, 23,
> 15, 36, 2, 274565), 'user': {'id': 'admin', 'name': 'admin'}, 'tenant':
> {'id': 'admin', 'name': 'admin'}, 'metadata': {}}
> (eventlet.wsgi.server): 2012-05-22 11:36:02,426 DEBUG 127.0.0.1 - -
> [22/May/2012 11:36:02] "POST /v2.0/tokens HTTP/1.1" 200 1762 0.166139
> (keystone.policy.backends.rules): 2012-05-22 11:36:02,439 DEBUG enforce
> admin_required: {'tenant_id': u'admin', 'user_id': u'admin', 'roles': []}

--sharif
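An added example, not part of the original post and not Keystone's own code: a small Python parser for the `enforce` debug lines shown in the log above, listing the policy checks whose credentials carried no roles. The function names and the sample lines are constructed here, with each log record joined onto one line.

```python
import ast
import re

# Matches the policy-enforcement debug line format seen in the post's log:
# (logger): <date> <time> DEBUG enforce <rule>: {<credentials dict>}
ENFORCE_RE = re.compile(
    r"^\((?P<logger>[\w.]+)\): (?P<ts>\d{4}-\d{2}-\d{2} [\d:,]+) "
    r"DEBUG enforce (?P<rule>\w+): (?P<creds>\{.*\})\s*$"
)

def parse_enforce(line):
    """Return the rule and credentials from one enforce line, or None."""
    m = ENFORCE_RE.match(line.strip())
    if not m:
        return None
    try:
        # literal_eval parses the printed dict without executing anything.
        creds = ast.literal_eval(m.group("creds"))
    except (ValueError, SyntaxError):
        return None
    if not isinstance(creds, dict):
        return None
    return {
        "ts": m.group("ts"),
        "rule": m.group("rule"),
        "user_id": creds.get("user_id"),
        "tenant_id": creds.get("tenant_id"),
        "roles": list(creds.get("roles") or []),
    }

def roleless_checks(lines):
    """Policy checks that were evaluated against an empty role list."""
    parsed = (parse_enforce(line) for line in lines)
    return [e for e in parsed if e is not None and not e["roles"]]

# Constructed sample lines in the post's log format.
SAMPLE = [
    "(keystone.policy.backends.rules): 2012-05-22 11:36:02,439 DEBUG enforce "
    "admin_required: {'tenant_id': u'admin', 'user_id': u'admin', 'roles': []}",
    "(keystone.policy.backends.rules): 2012-05-22 11:40:10,101 DEBUG enforce "
    "admin_required: {'tenant_id': u'demo', 'user_id': u'ops', 'roles': [u'admin']}",
    '(eventlet.wsgi.server): 2012-05-22 11:36:02,426 DEBUG 127.0.0.1 - - '
    '[22/May/2012 11:36:02] "POST /v2.0/tokens HTTP/1.1" 200 1762 0.166139',
]

if __name__ == "__main__":
    for e in roleless_checks(SAMPLE):
        print(e["ts"], e["rule"], "user=%s tenant=%s has no roles" % (e["user_id"], e["tenant_id"]))
```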

