Re: [openstack-dev] Using AD for keystone authentication only

2013-11-18 Thread Stefano Maffulli
On Mon 18 Nov 2013 11:41:41 AM PST, Avi L wrote: > Our AD server does not allow anonymous browse so I am sure that when [...] This discussion is OFF TOPIC on this list. This list is for the developers of OpenStack to discuss development issues and roadmap. It is focused on the next release of Open

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-18 Thread Avi L
On Mon, Nov 18, 2013 at 6:51 AM, Adam Young wrote: > > > ADMIN Token does no authentication against the back end. It is a > bootstrap method for setting up Keystone, nothing else. It should be > disabled as soon as you can authenticate via AD. > > I don't think you have successfully authenticat

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-18 Thread Adam Young
On 11/15/2013 07:39 PM, Avi L wrote: However when I run keystone user-list it gives me the following error: Authorization Failed: An unexpected error prevented the server from fulfilling your request. {'info': '20D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-15 Thread Avi L
Hi, On Fri, Nov 15, 2013 at 2:58 PM, Adam Young wrote: > On 11/14/2013 07:37 PM, Avi L wrote: > > I have installed openstack-keystone-2013.2-0.11.b3.el6.noarch rpm and I > added an Active Directory user "test123" with role admin and tenant admin > successfully. > > However when I run keystone u

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-15 Thread Adam Young
On 11/14/2013 07:37 PM, Avi L wrote: I have installed openstack-keystone-2013.2-0.11.b3.el6.noarch rpm and I added an Active Directory user "test123" with role admin and tenant admin successfully. However when I run keystone user-list it gives me the following error: Authorization Failed: An un

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-14 Thread Avi L
Just to clarify, I am running keystone user-list with the keystonerc file sourced and containing the correct credentials for test123. On Thu, Nov 14, 2013 at 4:37 PM, Avi L wrote: > I have installed openstack-keystone-2013.2-0.11.b3.el6.noarch rpm and I > added an Active Directory user "test123" with

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-14 Thread Avi L
I have installed openstack-keystone-2013.2-0.11.b3.el6.noarch rpm and I added an Active Directory user "test123" with role admin and tenant admin successfully. However when I run keystone user-list it gives me the following error: Authorization Failed: An unexpected error prevented the server from

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-14 Thread Avi L
Thanks for your help. So in this case the uid parameter to user-role-add will be any of the AD attributes that I specify in the keystone.conf file, i.e. sAMAccountname? Also I assume that in this case there will be no entries of the user in the local sql users table, nor would any id assigned to in

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-14 Thread Dolph Mathews
You can assign roles to users in keystoneclient ($ keystone help user-role-add) -- the assignment would be persisted in SQL. openstackclient supports assignments to groups as well if you switch to --identity-api-version=3 On Wed, Nov 13, 2013 at 3:08 PM, Avi L wrote: > Oh ok so in this case how

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-13 Thread Avi L
Oh ok so in this case how does the Active Directory user get an id, and how do you map the user to a role? Is there any example you can point me to? On Wed, Nov 13, 2013 at 11:24 AM, Dolph Mathews wrote: > Yes, that's the preferred approach in Havana: Users and Groups via LDAP, > and everything

Re: [openstack-dev] Using AD for keystone authentication only

2013-11-13 Thread Dolph Mathews
Yes, that's the preferred approach in Havana: Users and Groups via LDAP, and everything else via SQL. On Wednesday, November 13, 2013, Avi L wrote: > Hi, > > I understand that the LDAP provider in keystone can be used for > authenticating a user (i.e validate username and password) , and it also

[openstack-dev] Using AD for keystone authentication only

2013-11-13 Thread Avi L
Hi, I understand that the LDAP provider in keystone can be used for authenticating a user (i.e. validate username and password), and it also authorizes it against roles and tenant. However this requires AD schema modification. Is it possible to use AD only for authentication and then use keystone's