Re: [Openstack] How to configure Keystone with open LDAP + horizon on grizzly
I have updated the ask page.
https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/

On Wed, May 29, 2013 at 8:18 PM, yasith tharindu wrote:

> Now my authentication phase is right through ldap I guess. But I'm getting
> an error when I try to log in saying "You are not authorized for any
> projects."
>
> My ldap configurations have been used by the keystone it seems. keystone
> command gives following results.
>
> root@ubuntu:/home/wso2/ldap#* keystone user-list*
> WARNING: Bypassing authentication using a token & endpoint (authentication
> credentials are being ignored).
> +--+--+-+--+
> | id | name | enabled | email |
> +--+--+-+--+
> | demo | demo | True | d...@example.com |
> +--+--+-+--+
> root@ubuntu:/home/wso2/ldap# *keystone role-list*
> WARNING: Bypassing authentication using a token & endpoint (authentication
> credentials are being ignored).
> +---+---+
> | id | name |
> +---+---+
> | admin | Admin |
> +---+---+
> root@ubuntu:/home/wso2/ldap# *keystone tenant-list*
> WARNING: Bypassing authentication using a token & endpoint (authentication
> credentials are being ignored).
> +---+---+-+
> | id | name | enabled |
> +---+---+-+
> | admin | admin | True |
> +---+---+-+
>
> But nova commands return an error with the ldap user credentials.
>
> #* nova image-list*
> ERROR: Invalid OpenStack Nova credentials.
>
> System variables I used as follows.
>
> export OS_USERNAME=demo
> export OS_TENANT_NAME=admin
> export OS_PASSWORD=secret
> export OS_AUTH_URL=http://192.168.1.111:5000/v2.0/
> export OS_REGION_NAME=RegionOne
> export SERVICE_ENDPOINT="http://192.168.1.111:35357/v2.0";
> export SERVICE_TOKEN=012345SECRET99TOKEN012345
> export OS_NO_CACHE=1
>
> Following is the keystone log..
>
> 2013-05-29 02:45:20DEBUG [keystone.common.ldap.core] LDAP search:
> dn=ou=Tenants,dc=example,dc=com, scope=2,
> query=(&(objectClass=organizationalRole)(roleOccupant=cn=demo,ou=Users,dc=example,dc=com)),
> attrs=None
> 2013-05-29 02:45:20DEBUG [keystone.common.wsgi]
> RESPONSE HEADERS
> 2013-05-29 02:45:20DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
> 2013-05-29 02:45:20DEBUG [keystone.common.wsgi] Content-Type =
> application/json
> 2013-05-29 02:45:20DEBUG [keystone.common.wsgi] Content-Length = 36
> 2013-05-29 02:45:20DEBUG [keystone.common.wsgi]
> 2013-05-29 02:45:20DEBUG [keystone.common.wsgi]
> RESPONSE BODY
> 2013-05-29 02:45:20DEBUG [keystone.common.wsgi] {"tenants_links": [],
> "tenants": []}
> 2013-05-29 02:45:20 INFO [access] 127.0.0.1 - - [28/May/2013:21:15:20
> +] "GET http://127.0.0.1:5000/v2.0/tenants HTTP/1.0" 200 36
> 2013-05-29 02:45:20DEBUG [eventlet.wsgi.server] 127.0.0.1 - -
> [29/May/2013 02:45:20] "GET /v2.0/tenants HTTP/1.1" 200 164 0.028584
>
> And tenant config of keystone as follows;
>
> tenant_tree_dn = ou=Tenants,dc=example,dc=com
> tenant_objectclass = groupOfNames
> tenant_id_attribute = cn
> tenant_member_attribute = member
> tenant_name_attribute = cn
> tenant_domain_id_attribute = businessCategory
> tenant_enabled_attribute = o
> tenant_allow_create = True
> tenant_allow_update = True
> tenant_allow_delete = True
> tenant_desc_attribute = description
>
> *Any one have any suggestions??* It seems no tenants according to the
> log "DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []} "
> But I have enabled the user in the Tenant ldap group.
>
> dn: cn=admin,ou=Tenants,dc=example,dc=com
> objectClass: groupOfNames
> cn: admin
> o: True
> businessCategory: default
> description: Openstack admin Tenant
> member: cn=demo,ou=Users,dc=example,dc=com
>
> Thanks in advance..:)
>
> On Mon, May 20, 2013 at 11:24 AM, yasith tharindu wrote:
>
>> The question is posted on openstack ask page.
>> https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/
>>
>> Error
>>
>> 2013-05-19 15:21:23ERROR [root] 'domain_id'
>> Traceback (most recent call last):
>> File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236,
>> in __call__
>> result = method(context, **params)
>> File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py",
>> line 82, in authenticate
>> core.validate_auth_info(self, context, user_ref, tenant_ref)
>> File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84,
>> in validate_auth_info
>> user_ref['domain_id'])
>> KeyError: 'domain_id'
>>
>> 2013-05-19 15:21:23DEBUG [keystone.common.wsgi] {"error": {"message":
>> "An unexpected error prevented the server from fulfilling your request.
>> 'domain_id'", "code": 500, "title": "Internal Server Error"}}
>>
>> Keystone
Re: [Openstack] How to configure Keystone with open LDAP + horizon on grizzly
Now my authentication phase is right through ldap I guess. But I'm getting an error when I try to log in saying "You are not authorized for any projects."

My ldap configurations have been used by the keystone it seems. keystone command gives following results.

root@ubuntu:/home/wso2/ldap#* keystone user-list*
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+--+--+-+--+
| id | name | enabled | email |
+--+--+-+--+
| demo | demo | True | d...@example.com |
+--+--+-+--+
root@ubuntu:/home/wso2/ldap# *keystone role-list*
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+---+---+
| id | name |
+---+---+
| admin | Admin |
+---+---+
root@ubuntu:/home/wso2/ldap# *keystone tenant-list*
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+---+---+-+
| id | name | enabled |
+---+---+-+
| admin | admin | True |
+---+---+-+

But nova commands return an error with the ldap user credentials.

#* nova image-list*
ERROR: Invalid OpenStack Nova credentials.

System variables I used as follows.

export OS_USERNAME=demo
export OS_TENANT_NAME=admin
export OS_PASSWORD=secret
export OS_AUTH_URL=http://192.168.1.111:5000/v2.0/
export OS_REGION_NAME=RegionOne
export SERVICE_ENDPOINT="http://192.168.1.111:35357/v2.0";
export SERVICE_TOKEN=012345SECRET99TOKEN012345
export OS_NO_CACHE=1

Following is the keystone log..

2013-05-29 02:45:20DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=Tenants,dc=example,dc=com, scope=2, query=(&(objectClass=organizationalRole)(roleOccupant=cn=demo,ou=Users,dc=example,dc=com)), attrs=None
2013-05-29 02:45:20DEBUG [keystone.common.wsgi] RESPONSE HEADERS
2013-05-29 02:45:20DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2013-05-29 02:45:20DEBUG [keystone.common.wsgi] Content-Type = application/json
2013-05-29 02:45:20DEBUG [keystone.common.wsgi] Content-Length = 36
2013-05-29 02:45:20DEBUG [keystone.common.wsgi]
2013-05-29 02:45:20DEBUG [keystone.common.wsgi] RESPONSE BODY
2013-05-29 02:45:20DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []}
2013-05-29 02:45:20 INFO [access] 127.0.0.1 - - [28/May/2013:21:15:20 +] "GET http://127.0.0.1:5000/v2.0/tenants HTTP/1.0" 200 36
2013-05-29 02:45:20DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [29/May/2013 02:45:20] "GET /v2.0/tenants HTTP/1.1" 200 164 0.028584

And tenant config of keystone as follows;

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = cn
tenant_domain_id_attribute = businessCategory
tenant_enabled_attribute = o
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
tenant_desc_attribute = description

*Any one have any suggestions??* It seems no tenants according to the log "DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []} " But I have enabled the user in the Tenant ldap group.

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

Thanks in advance..:)

On Mon, May 20, 2013 at 11:24 AM, yasith tharindu wrote:

> The question is posted on openstack ask page.
> https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/
>
> Error
>
> 2013-05-19 15:21:23ERROR [root] 'domain_id'
> Traceback (most recent call last):
> File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236,
> in __call__
> result = method(context, **params)
> File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line
> 82, in authenticate
> core.validate_auth_info(self, context, user_ref, tenant_ref)
> File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in
> validate_auth_info
> user_ref['domain_id'])
> KeyError: 'domain_id'
>
> 2013-05-19 15:21:23DEBUG [keystone.common.wsgi] {"error": {"message": "An
> unexpected error prevented the server from fulfilling your request.
> 'domain_id'", "code": 500, "title": "Internal Server Error"}}
>
> Keystone config
>
> ==
> url = ldap://192.168.1.111
> user = cn=admin,dc=example,dc=com
> password = secret
> suffix = cn=example,cn=com
> use_dumb_member = False
> tree_dn = dc=example,dc=com
>
> user_tree_dn = ou=Users,dc=example,dc=com
> user_objectclass = inetOrgPerson
> user_id_attribute = cn
> user_name_attribute = sn
> user_pass_attribute =
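
Added example, not part of the original thread: the debug line in the message above records the search filter Keystone actually sent, and this script checks that filter against the posted `cn=admin` tenant entry to show which assertions the entry cannot satisfy. The log line and LDIF are copied from the message as sample input; the function names are hypothetical, and LDAP matching is simplified to case-insensitive string equality.

```python
import re

# Sample input copied from the message above: the logged search and the posted tenant entry.
LOG_LINE = (
    "2013-05-29 02:45:20DEBUG [keystone.common.ldap.core] LDAP search: "
    "dn=ou=Tenants,dc=example,dc=com, scope=2, "
    "query=(&(objectClass=organizationalRole)"
    "(roleOccupant=cn=demo,ou=Users,dc=example,dc=com)), attrs=None"
)
TENANT_LDIF = """\
dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com
"""

def parse_ldif_entry(text):
    """Return {attribute (lower-cased): [values]} for one plain, unfolded LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def filter_assertions(log_line):
    """Extract (attr, value) pairs from the flat (&(a=b)(c=d)) query in a debug line."""
    m = re.search(r"query=(\(.*\)), attrs=", log_line)
    if not m:
        raise ValueError("no LDAP query found in log line")
    return re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", m.group(1))

def failed_assertions(log_line, ldif_text):
    """List (attr, wanted, values_present) for each assertion the entry fails."""
    entry = parse_ldif_entry(ldif_text)
    failed = []
    for attr, wanted in filter_assertions(log_line):
        present = entry.get(attr.lower(), [])
        # Simplification: case-insensitive string equality stands in for LDAP matching rules.
        if wanted.lower() not in (v.lower() for v in present):
            failed.append((attr, wanted, present))
    return failed

if __name__ == "__main__":
    for attr, wanted, present in failed_assertions(LOG_LINE, TENANT_LDIF):
        print(f"filter wants {attr}={wanted}; entry has: {present or 'attribute absent'}")
```

An empty list from `failed_assertions` means the entry satisfies the logged filter. Here both assertions fail: the filter asks for `organizationalRole` and `roleOccupant`, while the posted entry is a `groupOfNames` with `member`.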
[Openstack] How to configure Keystone with open LDAP + horizon on grizzly
The question is posted on openstack ask page.
https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/

Error

2013-05-19 15:21:23ERROR [root] 'domain_id'
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 82, in authenticate
    core.validate_auth_info(self, context, user_ref, tenant_ref)
  File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in validate_auth_info
    user_ref['domain_id'])
KeyError: 'domain_id'

2013-05-19 15:21:23DEBUG [keystone.common.wsgi] {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'domain_id'", "code": 500, "title": "Internal Server Error"}}

Keystone config

==
url = ldap://192.168.1.111
user = cn=admin,dc=example,dc=com
password = secret
suffix = cn=example,cn=com
use_dumb_member = False
tree_dn = dc=example,dc=com

user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = sn
user_pass_attribute = userPassword
user_allow_create = True
user_allow_update = True
user_enabled_attribute = enabled
user_enabled_default = True
user_domain_id_attribute = None

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_domain_id_attribute = None
tenant_allow_create = True
tenant_allow_update = True

role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = groupOfNames
role_member_attribute = member
role_id_attribute = cn
role_name_attribute = ou
role_allow_create = True
role_allow_update = True
==

ldap config as follows.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: c2VjcmV0

dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Tenants,dc=example,dc=com
ou: tenants
objectClass: organizationalUnit

dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: d...@example.com
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: c2VjcmV0

dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Role
member: cn=demo,ou=Users,dc=example,dc=com

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

I would really appreciate your help

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp