[Openstack] Problems in horizon + LDAP
Hello to all. I integrated openstack with succesfully, but it only works 100% using CLI. Using horizon a lot of errors appear in the dashboard. One of the problems is when I try to add users to a project.In the CLI that's the output:keystone --debug user-role-add --tenant-id 5743642aebb341309761c6ae963dc3ef --user b8e26630750841dd92c7538a62305d60 --role c93d4846da2d4f21824606b5d3747ed9WARNING: Bypassing authentication using a token endpoint (authentication credentials are being ignored).REQ: curl -i http://192.168.0.201:35357/v2.0/users/b8e26630750841dd92c7538a62305d60 -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: password"RESP: [200] {'date': 'Wed, 08 May 2013 19:20:48 GMT', 'content-type': 'application/json', 'content-length': '96', 'vary': 'X-Auth-Token'}RESP BODY: {"user": {"id": "b8e26630750841dd92c7538a62305d60", "name": "nova", "email": "n...@domain.com"}}REQ: curl -i http://192.168.0.201:35357/v2.0/OS-KSADM/roles/c93d4846da2d4f21824606b5d3747ed9 -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: password"RESP: [200] {'date': 'Wed, 08 May 2013 19:20:48 GMT', 'content-type': 'application/json', 'content-length': '69', 'vary': 'X-Auth-Token'}RESP BODY: {"role": {"id": "c93d4846da2d4f21824606b5d3747ed9", "name": "admin"}}REQ: curl -i http://192.168.0.201:35357/v2.0/tenants/5743642aebb341309761c6ae963dc3ef -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: password"RESP: [200] {'date': 'Wed, 08 May 2013 19:20:48 GMT', 'content-type': 'application/json', 'content-length': '95', 'vary': 'X-Auth-Token'}RESP BODY: {"tenant": {"description": "teste", "id": "5743642aebb341309761c6ae963dc3ef", "name": "teste"}}REQ: curl -i http://192.168.0.201:35357/v2.0/tenants/5743642aebb341309761c6ae963dc3ef/users/b8e26630750841dd92c7538a62305d60/roles/OS-KSADM/c93d4846da2d4f21824606b5d3747ed9 PUT -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: password"RESP: [200] {'date': 'Wed, 08 May 2013 19:20:48 GMT', 'content-type': 'application/json', 'content-length': '69', 'vary': 'X-Auth-Token'}RESP BODY: {"role": {"id": "c93d4846da2d4f21824606b5d3747ed9", "name": "admin"}}I check in the horizon and the user is listed under the project, with the designed role.If I try to make the same thing using horizon, an error "Error: There was an error submitting the form. Please try again." appears on console. Checking the log of apache, there's the following error:[Wed May 08 19:26:23 2013] [error] DEBUG:urllib3.connectionpool:"POST /v2.0/tenants/5743642aebb341309761c6ae963dc3ef HTTP/1.1" 200 16[Wed May 08 19:26:23 2013] [error] ERROR:django.request:Internal Server Error: /horizon/admin/projects/5743642aebb341309761c6ae963dc3ef/update/[Wed May 08 19:26:23 2013] [error] Traceback (most recent call last):[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response[Wed May 08 19:26:23 2013] [error] response = callback(request, *callback_args, **callback_kwargs)[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 38, in dec[Wed May 08 19:26:23 2013] [error] return view_func(request, *args, **kwargs)[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 86, in dec[Wed May 08 19:26:23 2013] [error] return view_func(request, *args, **kwargs)[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 54, in dec[Wed May 08 19:26:23 2013] [error] return view_func(request, *args, **kwargs)[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 38, in dec[Wed May 08 19:26:23 2013] [error] return view_func(request, *args, **kwargs)[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 48, in view[Wed May 08 19:26:23 2013] [error] return self.dispatch(request, *args, **kwargs)[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 69, in dispatch[Wed May 08 19:26:23 2013] [error] return handler(request, *args, **kwargs)[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/horizon/workflows/views.py", line 139, in post[Wed May 08 19:26:23 2013] [error] exceptions.handle(request)[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/horizon/workflows/views.py", line 136, in post[Wed May 08 19:26:23 2013] [error] success = workflow.finalize()[Wed May 08 19:26:23 2013] [error] File "/usr/lib/python2.7/dist-packages/horizon/workflows/base.py", line 779, in finalize[Wed May 08 19:26:23 2013] [error] if not self.handle(self.request, self.context):[Wed May 08 19:26:23 2013] [error] File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/admin/projects/workflows.py", line 312, in handle[Wed May 08 19:26:23 2013] [error] exceptions.handle(request,
[Openstack] New schema for LDAP + Keystone Grizzly?
Hello to all!Before the release of version grizzly 3, the suggested schema in the openstack documentation (http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-keystone-for-ldap-backend.html) worked fine. This is the suggested schema:dn: cn=openstack,cn=org dc: openstack objectClass: dcObject objectClass: organizationalUnit ou: openstack dn: ou=Groups,cn=openstack,cn=org objectClass: top objectClass: organizationalUnit ou: groups dn: ou=Users,cn=openstack,cn=org objectClass: top objectClass: organizationalUnit ou: users dn: ou=Roles,cn=openstack,cn=org objectClass: top objectClass: organizationalUnit ou: rolesBut after the release of the version grizzly 3 I think that's not enough anymore, mainly because of the "domain" concept.I'm kind of lost trying to make LDAP work with keystone now...does anyone succeed in this? I created a new dn, something like:dn: ou=Domains,cn=openstack,cn=org objectClass: top objectClass: organizationalUnit ou: Domains But when I run the "keystone-manage db_sync" the "default" domain isn't created in the LDAP...When I manually create the domain in there, I have a problem with authentication...I think I must be doing something wrong, does anyone have a light?Thanks in advance,Marcelo M. Miziara marcelo.mizi...@serpro.gov.br - Esta mensagem do SERVIO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pblica federal regida pelo disposto na Lei Federal n 5.615, enviada exclusivamente a seu destinatrio e pode conter informaes confidenciais, protegidas por sigilo profissional. Sua utilizao desautorizada ilegal e sujeita o infrator s penas da lei. Se voc a recebeu indevidamente, queira, por gentileza, reenvi-la ao emitente, esclarecendo o equvoco. This message from SERVIO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) -- a government company established under Brazilian law (5.615/70) -- is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the laws penalties. If youre not the addressee, please send it back, elucidating the failure. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] keystone + LDAP username only with numbers
Hello to everyone. First of all sorry for my bad english.Second, i'm implementing openstack here in my company, and we pretend to use it with ldap integration. I detected a problem when the username is only numbers (in our case we use our ID number to log in):TypeError at /nova/ sequence item 1: expected string or Unicode, int foundRequest Method: GET Request URL: 100.10.10.51/horizon/nova/ Django Version: 1.4.1 Exception Type: TypeError Exception Value: sequence item 1: expected string or Unicode, int found Exception Location: /usr/lib/python2.7/dist-packages/novaclient/client.py in authenticate, line 316 Python Executable: /usr/bin/python Python Version: 2.7.3 Python Path: ['/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../..', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-linux2', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages', '/usr/share/openstack-dashboard/', '/usr/share/openstack-dashboard/openstack_dashboard'] Server time: Qui, 17 Jan 2013 12:37:11 +Then I created another user with letters in the user name and this error doesn't appear...but then I got another type of error that I'll discuss later...someone experienced this error, or am I doing something wrong?Thanks in advance,Marcelo M. Miziara Serviço Federal de Processamento de Dados - SERPRO CDEBW/CDTEC/SUPCD 55 (41) 3593 8277 marcelo.mizi...@serpro.gov.br - Esta mensagem do SERVIO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pblica federal regida pelo disposto na Lei Federal n 5.615, enviada exclusivamente a seu destinatrio e pode conter informaes confidenciais, protegidas por sigilo profissional. Sua utilizao desautorizada ilegal e sujeita o infrator s penas da lei. Se voc a recebeu indevidamente, queira, por gentileza, reenvi-la ao emitente, esclarecendo o equvoco. This message from SERVIO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) -- a government company established under Brazilian law (5.615/70) -- is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the laws penalties. If youre not the addressee, please send it back, elucidating the failure. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp