<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 11/15/2013 11:15 AM, Ben Nemec
      wrote:<br>
    </div>
    <blockquote cite="mid:a8bfec9ea65793a38acf13035f720968@localhost"
      type="cite">
      <p>This list is for development discussion only.  Since this
        sounds like a question specific to RHEL, might I suggest you ask
        it on <a class="moz-txt-link-freetext" href="http://openstack.redhat.com/forum/">http://openstack.redhat.com/forum/</a> ?</p>
    </blockquote>
    <br>
    Nah, this is legit.<br>
    <br>
    <blockquote cite="mid:a8bfec9ea65793a38acf13035f720968@localhost"
      type="cite">
      <p>Thanks.</p>
      <p>-Ben</p>
      <p>On 2013-11-15 10:13, Abhishek Lahiri wrote:</p>
      <blockquote type="cite" style="padding-left:5px;
        border-left:#1010ff 2px solid; margin-left:5px"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
        <div dir="ltr"> </div>
        <div class="gmail_extra"><span style="-webkit-text-size-adjust:
            auto; background-color: rgba;"><br>
          </span>
          <div class="gmail_quote">
            <blockquote class="gmail_quote" style="margin: 0px 0px 0px
              0.8ex; border-left-width: 1px; border-left-color: #cccccc;
              border-left-style: solid; padding-left: 1ex;">
              <div dir="ltr"><span style="-webkit-text-size-adjust:
                  auto; background-color: rgba;">I have
                  installed openstack-keystone-2013.2-0.11.b3.el6.noarch
                  rpm and I added a active directory user "test123" with
                  role admin and tenant admin successfully. In
                  Keystone.conf identity is pointed to ldap and
                  assignment  is pointed to SQL. I sourced keystonerc
                  file with the correct credentials for user test123 and
                  then trying to run a keystone commands.</span>
                <div><span style="-webkit-text-size-adjust: auto;
                    background-color: rgba;"> </span></div>
                <div><span style="-webkit-text-size-adjust: auto;
                    background-color: rgba;">However when I run keystone
                    get-token if gives me the following error:</span></div>
                <div><span style="-webkit-text-size-adjust: auto;
                    background-color: rgba;">Authorization Failed: An
                    unexpected error prevented the server from
                    fulfilling your request. {'info': '000020D6: SvcErr:
                    DSID-031007DB, problem 5012 (DIR_ERROR), data 0\n',
                    'desc': 'Operations error'} (HTTP 500)<br>
                  </span></div>
              </div>
            </blockquote>
          </div>
        </div>
      </blockquote>
    </blockquote>
    So, yes, if you do not explicitly supply the assignements backend,
    and the frontend is specified to be LDAP, we assume the assignments
    backend is LDAP as well.   The reason is to avoid breaking backwards
    compat for people that already have LDAP working under Grizzly and
    are upgrading.<br>
    <br>
    <br>
    <blockquote cite="mid:a8bfec9ea65793a38acf13035f720968@localhost"
      type="cite">
      <blockquote type="cite" style="padding-left:5px;
        border-left:#1010ff 2px solid; margin-left:5px">
        <div class="gmail_extra">
          <div class="gmail_quote">
            <blockquote class="gmail_quote" style="margin: 0px 0px 0px
              0.8ex; border-left-width: 1px; border-left-color: #cccccc;
              border-left-style: solid; padding-left: 1ex;">
              <div dir="ltr">
                <div><span style="-webkit-text-size-adjust: auto;
                    background-color: rgba;"> </span></div>
                <div><span style="-webkit-text-size-adjust: auto;
                    background-color: rgba;">I am not sure why keystone
                    is still looking at the Active Directory for
                    authorization? </span></div>
              </div>
              <div class="HOEnZb"> </div>
            </blockquote>
          </div>
        </div>
        <br>
        <!-- html ignored --><br>
        <pre>_______________________________________________
OpenStack-dev mailing list
<a moz-do-not-send="true" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a moz-do-not-send="true" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
      </blockquote>
      <p> </p>
      <div> </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>