Now my authentication phase is right through LDAP, I guess. But I'm getting an error when I try to log in, saying "You are not authorized for any projects."
My LDAP configurations have been used by Keystone, it seems. The keystone command gives the following results.

root@ubuntu:/home/wso2/ldap# keystone user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+------+------+---------+------------------+
|  id  | name | enabled |      email       |
+------+------+---------+------------------+
| demo | demo |   True  | d...@example.com |
+------+------+---------+------------------+

root@ubuntu:/home/wso2/ldap# keystone role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------+-------+
|   id  |  name |
+-------+-------+
| admin | Admin |
+-------+-------+

root@ubuntu:/home/wso2/ldap# keystone tenant-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------+-------+---------+
|   id  |  name | enabled |
+-------+-------+---------+
| admin | admin |   True  |
+-------+-------+---------+

But nova commands return an error with the LDAP user credentials.

# nova image-list
ERROR: Invalid OpenStack Nova credentials.

The system variables I used are as follows.

export OS_USERNAME=demo
export OS_TENANT_NAME=admin
export OS_PASSWORD=secret
export OS_AUTH_URL=http://192.168.1.111:5000/v2.0/
export OS_REGION_NAME=RegionOne
export SERVICE_ENDPOINT="http://192.168.1.111:35357/v2.0"
export SERVICE_TOKEN=012345SECRET99TOKEN012345
export OS_NO_CACHE=1

The following is the keystone log.

2013-05-29 02:45:20 DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=Tenants,dc=example,dc=com, scope=2, query=(&(objectClass=organizationalRole)(roleOccupant=cn=demo,ou=Users,dc=example,dc=com)), attrs=None
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Type = application/json
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Length = 36
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi]
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []}
2013-05-29 02:45:20 INFO [access] 127.0.0.1 - - [28/May/2013:21:15:20 +0000] "GET http://127.0.0.1:5000/v2.0/tenants HTTP/1.0" 200 36
2013-05-29 02:45:20 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [29/May/2013 02:45:20] "GET /v2.0/tenants HTTP/1.1" 200 164 0.028584

And the tenant config of keystone is as follows:

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = cn
tenant_domain_id_attribute = businessCategory
tenant_enabled_attribute = o
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
tenant_desc_attribute = description

*Anyone have any suggestions??*

It seems there are no tenants according to the log "DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []}". But I have enabled the user in the tenant LDAP group.

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

Thanks in advance..:)

On Mon, May 20, 2013 at 11:24 AM, yasith tharindu <yasithu...@gmail.com> wrote:

> The question is posted on openstack ask page.
> https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/
>
> Error
>
> 2013-05-19 15:21:23 ERROR [root] 'domain_id'
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236, in __call__
>     result = method(context, **params)
>   File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 82, in authenticate
>     core.validate_auth_info(self, context, user_ref, tenant_ref)
>   File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in validate_auth_info
>     user_ref['domain_id'])
> KeyError: 'domain_id'
>
> 2013-05-19 15:21:23 DEBUG [keystone.common.wsgi] {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'domain_id'", "code": 500, "title": "Internal Server Error"}}
>
> Keystone config
>
> ==========================================================================
> url = ldap://192.168.1.111
> user = cn=admin,dc=example,dc=com
> password = secret
> suffix = cn=example,cn=com
> use_dumb_member = False
> tree_dn = dc=example,dc=com
>
> user_tree_dn = ou=Users,dc=example,dc=com
> user_objectclass = inetOrgPerson
> user_id_attribute = cn
> user_name_attribute = sn
> user_pass_attribute = userPassword
> user_allow_create = True
> user_allow_update = True
> user_enabled_attribute = enabled
> user_enabled_default = True
> user_domain_id_attribute = None
>
> tenant_tree_dn = ou=Tenants,dc=example,dc=com
> tenant_objectclass = groupOfNames
> tenant_id_attribute = cn
> tenant_member_attribute = member
> tenant_name_attribute = ou
> tenant_domain_id_attribute = None
> tenant_allow_create = True
> tenant_allow_update = True
>
> role_tree_dn = ou=Roles,dc=example,dc=com
> role_objectclass = groupOfNames
> role_member_attribute = member
> role_id_attribute = cn
> role_name_attribute = ou
> role_allow_create = True
> role_allow_update = True
>
> ==============================================
>
> ldap config as follows.
>
> dn: dc=example,dc=com
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: example Inc
> dc: example
>
> dn: cn=admin,dc=example,dc=com
> objectClass: simpleSecurityObject
> objectClass: organizationalRole
> cn: admin
> description: LDAP administrator
> userPassword:: c2VjcmV0
>
> dn: ou=Users,dc=example,dc=com
> ou: users
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
>
> dn: ou=Roles,dc=example,dc=com
> ou: roles
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
>
> dn: ou=Tenants,dc=example,dc=com
> ou: tenants
> objectClass: organizationalUnit
>
> dn: cn=demo,ou=Users,dc=example,dc=com
> cn: demo
> displayName: demo
> givenName: demo
> mail: d...@example.com
> objectClass: inetOrgPerson
> objectClass: top
> sn: demo
> uid: demo
> userPassword:: c2VjcmV0
>
> dn: cn=admin,ou=Roles,dc=example,dc=com
> objectClass: groupOfNames
> cn: admin
> description: Openstack admin Role
> member: cn=demo,ou=Users,dc=example,dc=com
>
> dn: cn=admin,ou=Tenants,dc=example,dc=com
> objectClass: groupOfNames
> cn: admin
> description: Openstack admin Tenant
> member: cn=demo,ou=Users,dc=example,dc=com
>
> I would really appreciate your help
>

--
Thanks..
Regards...

Blog: http://www.yasith.info
Twitter : http://twitter.com/yasithnd
LinkedIn : http://www.linkedin.com/in/yasithnd
GPG Key ID : *57CEE66E*
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
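
Added example, not part of the original message and not Keystone code: a small subtree-search evaluator (AND-of-equality filters only, values compared case-insensitively) run over the entries quoted in the post. It shows that the filter in the "LDAP search:" debug line matches none of the posted entries under ou=Tenants, consistent with the empty tenants list in the response body, while a comparison filter built from the posted tenant_objectclass and tenant_member_attribute values does match. The function names and the comparison filter are assumptions for illustration.

```python
# Entries re-typed from the LDIF quoted in the post (constructed sample data).
DEMO = "cn=demo,ou=Users,dc=example,dc=com"
ENTRIES = [
    ("cn=admin,ou=Roles,dc=example,dc=com",
     {"objectClass": ["groupOfNames"], "cn": ["admin"], "member": [DEMO]}),
    ("cn=admin,ou=Tenants,dc=example,dc=com",
     {"objectClass": ["groupOfNames"], "cn": ["admin"], "o": ["True"],
      "businessCategory": ["default"], "member": [DEMO]}),
    (DEMO, {"objectClass": ["inetOrgPerson", "top"], "cn": ["demo"], "sn": ["demo"]}),
]
TENANT_TREE = "ou=Tenants,dc=example,dc=com"
# Filter copied from the "LDAP search:" debug line in the post.
LOGGED = "(&(objectClass=organizationalRole)(roleOccupant=%s))" % DEMO
# Assumption, for comparison only: a filter built from the posted
# tenant_objectclass / tenant_member_attribute values.
CONFIGURED = "(&(objectClass=groupOfNames)(member=%s))" % DEMO


def parse_and_filter(flt):
    """Split '(&(a=v)(b=w))' into [(a, v), (b, w)]; other filter forms are rejected."""
    if not (flt.startswith("(&(") and flt.endswith("))")):
        raise ValueError("only (&(attr=value)...) filters are handled")
    return [tuple(term.split("=", 1)) for term in flt[3:-2].split(")(")]


def search(base_dn, flt, entries=ENTRIES):
    """Subtree search (scope=2): DNs at or below base_dn that satisfy every term."""
    terms = [(a.lower(), v.lower()) for a, v in parse_and_filter(flt)]
    base = base_dn.lower()
    hits = []
    for dn, attrs in entries:
        if dn.lower() != base and not dn.lower().endswith("," + base):
            continue  # entry lies outside the search base
        have = {k.lower(): [v.lower() for v in vals] for k, vals in attrs.items()}
        if all(v in have.get(a, []) for a, v in terms):
            hits.append(dn)
    return hits


if __name__ == "__main__":
    for label, flt in (("logged", LOGGED), ("configured", CONFIGURED)):
        print(label, "->", search(TENANT_TREE, flt))
```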