I have updated the ask page. https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/
On Wed, May 29, 2013 at 8:18 PM, yasith tharindu <yasithu...@gmail.com> wrote:

> Now my authentication phase is right through ldap I guess. But I'm getting
> an error when trying to login saying "You are not authorized for any
> projects."
>
> My ldap configurations have been used by the keystone it seems. keystone
> command gives following results.
>
> root@ubuntu:/home/wso2/ldap#* keystone user-list*
> WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
> +------+------+---------+------------------+
> | id   | name | enabled | email            |
> +------+------+---------+------------------+
> | demo | demo | True    | d...@example.com |
> +------+------+---------+------------------+
> root@ubuntu:/home/wso2/ldap# *keystone role-list*
> WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
> +-------+-------+
> | id    | name  |
> +-------+-------+
> | admin | Admin |
> +-------+-------+
> root@ubuntu:/home/wso2/ldap# *keystone tenant-list*
> WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
> +-------+-------+---------+
> | id    | name  | enabled |
> +-------+-------+---------+
> | admin | admin | True    |
> +-------+-------+---------+
>
> But with nova commands return an error with the ldap user credentials.
>
> #* nova image-list*
> ERROR: Invalid OpenStack Nova credentials.
>
> System variables I used as follows.
>
> export OS_USERNAME=demo
> export OS_TENANT_NAME=admin
> export OS_PASSWORD=secret
> export OS_AUTH_URL=http://192.168.1.111:5000/v2.0/
> export OS_REGION_NAME=RegionOne
> export SERVICE_ENDPOINT="http://192.168.1.111:35357/v2.0"
> export SERVICE_TOKEN=012345SECRET99TOKEN012345
> export OS_NO_CACHE=1
>
> Following is the keystone log..
>
> 2013-05-29 02:45:20 DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=Tenants,dc=example,dc=com, scope=2, query=(&(objectClass=organizationalRole)(roleOccupant=cn=demo,ou=Users,dc=example,dc=com)), attrs=None
> 2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
> 2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
> 2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Type = application/json
> 2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Length = 36
> 2013-05-29 02:45:20 DEBUG [keystone.common.wsgi]
> 2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
> 2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []}
> 2013-05-29 02:45:20 INFO [access] 127.0.0.1 - - [28/May/2013:21:15:20 +0000] "GET http://127.0.0.1:5000/v2.0/tenants HTTP/1.0" 200 36
> 2013-05-29 02:45:20 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [29/May/2013 02:45:20] "GET /v2.0/tenants HTTP/1.1" 200 164 0.028584
>
> And tenant config of keystone as follows;
>
> tenant_tree_dn = ou=Tenants,dc=example,dc=com
> tenant_objectclass = groupOfNames
> tenant_id_attribute = cn
> tenant_member_attribute = member
> tenant_name_attribute = cn
> tenant_domain_id_attribute = businessCategory
> tenant_enabled_attribute = o
> tenant_allow_create = True
> tenant_allow_update = True
> tenant_allow_delete = True
> tenant_desc_attribute = description
>
> *Anyone have any suggestions??* It seems no tenants according to the
> log "DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []} "
> But I have enabled the user in the Tenant ldap group.
>
> dn: cn=admin,ou=Tenants,dc=example,dc=com
> objectClass: groupOfNames
> cn: admin
> o: True
> businessCategory: default
> description: Openstack admin Tenant
> member: cn=demo,ou=Users,dc=example,dc=com
>
> Thanks in advance..:)
>
> On Mon, May 20, 2013 at 11:24 AM, yasith tharindu <yasithu...@gmail.com> wrote:
>
>> The question is posted on openstack ask page.
>> https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/
>>
>> Error
>>
>> 2013-05-19 15:21:23 ERROR [root] 'domain_id'
>> Traceback (most recent call last):
>>   File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236, in __call__
>>     result = method(context, **params)
>>   File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 82, in authenticate
>>     core.validate_auth_info(self, context, user_ref, tenant_ref)
>>   File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in validate_auth_info
>>     user_ref['domain_id'])
>> KeyError: 'domain_id'
>>
>> 2013-05-19 15:21:23 DEBUG [keystone.common.wsgi] {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'domain_id'", "code": 500, "title": "Internal Server Error"}}
>>
>> Keystone config
>>
>> ==========================================================================
>> url = ldap://192.168.1.111
>> user = cn=admin,dc=example,dc=com
>> password = secret
>> suffix = cn=example,cn=com
>> use_dumb_member = False
>> tree_dn = dc=example,dc=com
>>
>> user_tree_dn = ou=Users,dc=example,dc=com
>> user_objectclass = inetOrgPerson
>> user_id_attribute = cn
>> user_name_attribute = sn
>> user_pass_attribute = userPassword
>> user_allow_create = True
>> user_allow_update = True
>> user_enabled_attribute = enabled
>> user_enabled_default = True
>> user_domain_id_attribute = None
>>
>> tenant_tree_dn = ou=Tenants,dc=example,dc=com
>> tenant_objectclass = groupOfNames
>> tenant_id_attribute = cn
>> tenant_member_attribute = member
>> tenant_name_attribute = ou
>> tenant_domain_id_attribute = None
>> tenant_allow_create = True
>> tenant_allow_update = True
>>
>> role_tree_dn = ou=Roles,dc=example,dc=com
>> role_objectclass = groupOfNames
>> role_member_attribute = member
>> role_id_attribute = cn
>> role_name_attribute = ou
>> role_allow_create = True
>> role_allow_update = True
>>
>> ==============================================
>>
>> ldap config as follows.
>>
>> dn: dc=example,dc=com
>> objectClass: top
>> objectClass: dcObject
>> objectClass: organization
>> o: example Inc
>> dc: example
>>
>> dn: cn=admin,dc=example,dc=com
>> objectClass: simpleSecurityObject
>> objectClass: organizationalRole
>> cn: admin
>> description: LDAP administrator
>> userPassword:: c2VjcmV0
>>
>> dn: ou=Users,dc=example,dc=com
>> ou: users
>> objectClass: organizationalUnit
>> structuralObjectClass: organizationalUnit
>>
>> dn: ou=Roles,dc=example,dc=com
>> ou: roles
>> objectClass: organizationalUnit
>> structuralObjectClass: organizationalUnit
>>
>> dn: ou=Tenants,dc=example,dc=com
>> ou: tenants
>> objectClass: organizationalUnit
>>
>> dn: cn=demo,ou=Users,dc=example,dc=com
>> cn: demo
>> displayName: demo
>> givenName: demo
>> mail: d...@example.com
>> objectClass: inetOrgPerson
>> objectClass: top
>> sn: demo
>> uid: demo
>> userPassword:: c2VjcmV0
>>
>> dn: cn=admin,ou=Roles,dc=example,dc=com
>> objectClass: groupOfNames
>> cn: admin
>> description: Openstack admin Role
>> member: cn=demo,ou=Users,dc=example,dc=com
>>
>> dn: cn=admin,ou=Tenants,dc=example,dc=com
>> objectClass: groupOfNames
>> cn: admin
>> description: Openstack admin Tenant
>> member: cn=demo,ou=Users,dc=example,dc=com
>>
>> I would really appreciate your help
>>
>
> --
> Thanks..
> Regards...
>
> Blog: http://www.yasith.info
> Twitter : http://twitter.com/yasithnd
> LinkedIn : http://www.linkedin.com/in/yasithnd
> GPG Key ID : *57CEE66E*

--
Thanks..
Regards...

Blog: http://www.yasith.info
Twitter : http://twitter.com/yasithnd
LinkedIn : http://www.linkedin.com/in/yasithnd
GPG Key ID : *57CEE66E*
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
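
Added example, not part of the original thread and not keystone code: it evaluates the LDAP filter from the quoted keystone DEBUG line against the tenant and role entries posted in the message, using a small evaluator that handles only and/or/not/equality filters. `BY_MEMBER` is a hypothetical comparison filter assembled from the posted `tenant_objectclass` and `tenant_member_attribute` values; the log does not show keystone issuing it.

```python
# Entries transcribed from the LDIF in the message above (constructed as
# dicts; attributes that neither filter references are omitted).
USER = "cn=demo,ou=Users,dc=example,dc=com"
ENTRIES = {
    "ou=Tenants,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "cn=admin,ou=Tenants,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["admin"], "member": [USER]},
    "cn=admin,ou=Roles,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["admin"], "member": [USER]},
}
BASE = "ou=Tenants,dc=example,dc=com"
# Filter exactly as it appears in the keystone.common.ldap.core DEBUG line.
LOGGED = "(&(objectClass=organizationalRole)(roleOccupant=%s))" % USER
# Hypothetical comparison filter (assumption): posted tenant_* settings.
BY_MEMBER = "(&(objectClass=groupOfNames)(member=%s))" % USER

def parse(flt, i=0):
    """Parse an LDAP filter (and/or/not/equality only) -> (node, next index)."""
    if flt[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if flt[i] in "&|!":
        op, kids, i = flt[i], [], i + 1
        while flt[i] == "(":
            kid, i = parse(flt, i)
            kids.append(kid)
        if flt[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = flt.index(")", i)
    attr, _, value = flt[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, case-insensitively."""
    if node[0] == "=":
        values = [v.lower() for k, vs in entry.items()
                  if k.lower() == node[1] for v in vs]
        return node[2] in values
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results),
            "!": not all(results)}[node[0]]

def search(base, flt):
    """Subtree search (scope=2 in the log): base entry plus descendants."""
    node, _ = parse(flt)
    suffix = "," + base.lower()
    return sorted(dn for dn, entry in ENTRIES.items()
                  if (dn.lower() == base.lower() or dn.lower().endswith(suffix))
                  and matches(node, entry))
```

`search(BASE, LOGGED)` returns no entries while `search(BASE, BY_MEMBER)` returns the posted `cn=admin` tenant, which is consistent with the empty `"tenants": []` body in the log.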