Re: [Openstack] How to configure Keystone with open LDAP + horizon on grizzly

2013-05-29 Thread yasith tharindu
I have updated the ask page.

https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/



Re: [Openstack] How to configure Keystone with open LDAP + horizon on grizzly

2013-05-29 Thread yasith tharindu
Now my authentication phase is right through LDAP, I guess. But I'm getting an
error when I try to log in, saying "You are not authorized for any projects."


My LDAP configuration has been used by Keystone, it seems. The keystone
commands give the following results.


root@ubuntu:/home/wso2/ldap# keystone user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+------+------+---------+------------------+
|  id  | name | enabled |      email       |
+------+------+---------+------------------+
| demo | demo |   True  | d...@example.com |
+------+------+---------+------------------+
root@ubuntu:/home/wso2/ldap# keystone role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------+-------+
|   id  |  name |
+-------+-------+
| admin | Admin |
+-------+-------+
root@ubuntu:/home/wso2/ldap# keystone tenant-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------+-------+---------+
|   id  |  name | enabled |
+-------+-------+---------+
| admin | admin |   True  |
+-------+-------+---------+




But nova commands return an error with the LDAP user credentials.

# nova image-list
ERROR: Invalid OpenStack Nova credentials.


The system variables I used are as follows.

export OS_USERNAME=demo
export OS_TENANT_NAME=admin
export OS_PASSWORD=secret
export OS_AUTH_URL=http://192.168.1.111:5000/v2.0/
export OS_REGION_NAME=RegionOne
export SERVICE_ENDPOINT="http://192.168.1.111:35357/v2.0";
export SERVICE_TOKEN=012345SECRET99TOKEN012345
export OS_NO_CACHE=1




The following is the Keystone log.

2013-05-29 02:45:20 DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=Tenants,dc=example,dc=com, scope=2, query=(&(objectClass=organizationalRole)(roleOccupant=cn=demo,ou=Users,dc=example,dc=com)), attrs=None
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] RESPONSE HEADERS
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Type = application/json
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Length = 36
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi]
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] RESPONSE BODY
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []}
2013-05-29 02:45:20 INFO [access] 127.0.0.1 - - [28/May/2013:21:15:20 +] "GET http://127.0.0.1:5000/v2.0/tenants HTTP/1.0" 200 36
2013-05-29 02:45:20 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [29/May/2013 02:45:20] "GET /v2.0/tenants HTTP/1.1" 200 164 0.028584



And the tenant config of Keystone is as follows:

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = cn
tenant_domain_id_attribute = businessCategory
tenant_enabled_attribute = o
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
tenant_desc_attribute = description



*Does anyone have any suggestions?* It seems there are no tenants according to the log
"DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []} "
But I have enabled the user in the Tenant LDAP group.

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

Thanks in advance..:)
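
Added example, not part of the original post and not Keystone's code: it evaluates the search filter from the log above against the posted tenant entry and reports which assertions fail, next to a filter built from the posted tenant_objectclass and tenant_member_attribute values. The function names are hypothetical, and the evaluator handles only the AND-of-equality filter shape seen in the log, comparing values case-insensitively.

```python
import re

# Entry, filter and setting values are copied from the post; the code is illustrative.
TENANT_LDIF = """\
dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com
"""
USER_DN = "cn=demo,ou=Users,dc=example,dc=com"
LOGGED_FILTER = "(&(objectClass=organizationalRole)(roleOccupant=%s))" % USER_DN
# Filter implied by the posted tenant_objectclass / tenant_member_attribute values.
CONFIG_FILTER = "(&(objectClass=groupOfNames)(member=%s))" % USER_DN


def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]} for one plain (non-base64) LDIF entry."""
    entry = {}
    for line in text.strip().splitlines():
        attr, _, value = line.partition(": ")
        entry.setdefault(attr.lower(), []).append(value)
    return entry


def parse_and_filter(ldap_filter):
    """Split '(&(a=b)(c=d))' into [(a, b), (c, d)]; only this filter shape is handled."""
    if not (ldap_filter.startswith("(&") and ldap_filter.endswith(")")):
        raise ValueError("only AND-of-equality filters are handled here")
    terms = re.findall(r"\(([^=()]+)=([^()]*)\)", ldap_filter[2:-1])
    return [(attr.lower(), value) for attr, value in terms]


def failing_terms(entry, ldap_filter):
    """List the (attr, value) assertions that the entry does not satisfy."""
    missing = []
    for attr, wanted in parse_and_filter(ldap_filter):
        have = [v.lower() for v in entry.get(attr, [])]
        if wanted.lower() not in have:
            missing.append((attr, wanted))
    return missing


if __name__ == "__main__":
    entry = parse_ldif_entry(TENANT_LDIF)
    print("logged filter fails on:", failing_terms(entry, LOGGED_FILTER))
    print("config-derived filter fails on:", failing_terms(entry, CONFIG_FILTER))
```

Both assertions of the logged filter fail on the groupOfNames entry, which is consistent with the empty "tenants" list in the response body.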



[Openstack] How to configure Keystone with open LDAP + horizon on grizzly

2013-05-19 Thread yasith tharindu
The question is posted on the OpenStack ask page.
https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/

Error

2013-05-19 15:21:23 ERROR [root] 'domain_id'
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 82, in authenticate
    core.validate_auth_info(self, context, user_ref, tenant_ref)
  File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in validate_auth_info
    user_ref['domain_id'])
KeyError: 'domain_id'

2013-05-19 15:21:23 DEBUG [keystone.common.wsgi] {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'domain_id'", "code": 500, "title": "Internal Server Error"}}

Keystone config

==
url = ldap://192.168.1.111
user = cn=admin,dc=example,dc=com
password = secret
suffix = cn=example,cn=com
use_dumb_member = False
tree_dn = dc=example,dc=com

user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = sn
user_pass_attribute = userPassword
user_allow_create = True
user_allow_update = True
user_enabled_attribute = enabled
user_enabled_default = True
user_domain_id_attribute = None

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_domain_id_attribute = None
tenant_allow_create = True
tenant_allow_update = True


role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = groupOfNames
role_member_attribute = member
role_id_attribute = cn
role_name_attribute = ou
role_allow_create = True
role_allow_update = True


==

The LDAP config is as follows.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example


dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: c2VjcmV0



dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit


dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit


dn: ou=Tenants,dc=example,dc=com
ou: tenants
objectClass: organizationalUnit



dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: d...@example.com
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: c2VjcmV0


dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Role
member: cn=demo,ou=Users,dc=example,dc=com


dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

I would really appreciate your help