LDAP integration with openstack

Satish Patel satish.txt at gmail.com
Thu Feb 4 14:28:26 UTC 2021


This is what I have:

In /etc/keystone/keystone.conf

[identity]
driver = sql
domain_config_dir = /etc/keystone/domains
domain_specific_drivers_enabled = True

In /etc/keystone/domains/keystone.myldapdomain.conf

[identity]
driver = ldap

[ldap]
group_allow_create = False
group_allow_delete = False
group_allow_update = False
group_id_attribute = cn
...
...
...
<<omitted>>


On Thu, Feb 4, 2021 at 9:10 AM Midhunlal Nb <midhunlaln66 at gmail.com> wrote:
>
> Hi satish,
> Thank you so much for your response! Here I am pasting my ldap configuration, what I did in keystone.conf; please check and let me know what changes I need to make, and also please tell me what new entries I need to add in LDAP.
>       I have been struggling with this issue for the last 2 months, please help me.
>
> 1.[identity]
> driver = ldap
> 2.[ldap]
> url = ldap://192.168.x.xx
> user = cn=admin,dc=blr,dc=ind,dc=company,dc=com
> password = xxxxx
> suffix = dc=company,dc=com
> query_scope = sub
> page_size = 2000
> alias_dereferencing = default
> #chase_referrals = false
> chase_referrals = false
> debug_level = 0
> use_pool = true
> pool_size = 10
> pool_retry_max = 3
> pool_retry_delay = 0.1
> pool_connection_timeout = -1
> pool_connection_lifetime = 600
> use_auth_pool = false
> auth_pool_size = 100
> auth_pool_connection_lifetime = 60
> user_id_attribute      = cn
> user_name_attribute    = sn
> user_mail_attribute    = mail
> user_pass_attribute    = userPassword
> user_enabled_attribute = userAccountControl
> user_enabled_mask      = 2
> user_enabled_invert    = false
> user_enabled_default   = 512
> user_default_project_id_attribute =
> user_additional_attribute_mapping =
>
> group_id_attribute     = cn
> group_name_attribute   = ou
> group_member_attribute = member
> group_desc_attribute   = description
> group_additional_attribute_mapping =
>
>
> user_tree_dn = ou=people,dc=blr,dc=ind,dc=company,dc=com
> user_objectclass = inetOrgPerson
>
> group_tree_dn = ou=group,dc=blr,dc=ind,dc=company,dc=com
> group_objectclass = organizationalUnit
>
> This is the configuration I have in my keystone.conf file for ldap integration.
>
> Thanks & Regards
> Midhunlal N B
> +918921245637
>
>
> On Thu, Feb 4, 2021 at 7:10 PM Satish Patel <satish.txt at gmail.com> wrote:
>>
>> By default all group/role/project/user information is in SQL, but when you say use LDAP then it's trying to find that information in LDAP. Do you have all that information in LDAP? (Assuming not, that is why you are getting that error.)
>>
>> You should tell your openstack to use LDAP only for authentication of user information and look for the remaining roles/projects etc. in SQL. That is what I'm running in my cloud and everything works.
>>
>> Full LDAP integration is a little complicated, that is why I picked the partial method.
>>
>> Sent from my iPhone
>>
>> > On Feb 4, 2021, at 7:16 AM, Midhunlal Nb <midhunlaln66 at gmail.com> wrote:
>> >
>> > 
>> >   Hi all,
>> >
>> > Before ldap integration openstack was working properly, but if I set "driver = ldap" in keystone.conf under the [identity] section nothing works for me: I am not able to run any openstack command and also not able to create any project, domain or user. If I remove the "driver = ldap" entry everything works normally again.
>> > Please help me with this issue.
>> >
>> > If I run the admin-openrc file I get the error below:
>> >
>> > root at controller:~/client-scripts# openstack image list
>> > The request you have made requires authentication. (HTTP 401)
>> > (Request-ID: req-bdcde4be-5b62-4454-9084-19324603d0ce)
>> >
>> > Please help me. Where am I making mistakes?
>> >
>> > Thanks & Regards
>> > Midhunlal N B
>> > +918921245637
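The partial setup Satish describes (SQL in keystone.conf, a domain-specific file that switches one domain to LDAP) has a few places to get wrong, and the two quoted configs show both layouts. The following is an added example, not part of the thread and not keystone's own code: a small Python linter that reads a keystone.conf and, optionally, one keystone.<domain>.conf and reports what a reviewer would look for. The hosts, DNs, the keystone-ro bind user and the file names in its sample inputs are constructed; the option names are keystone's real [identity] and [ldap] options.

```python
"""Lint keystone.conf (+ optional domain-specific file) for the partial
LDAP setup: SQL for the default domain, LDAP for one extra domain.
Added example, not keystone code; sample inputs below are constructed."""
import configparser
import os
import re
from typing import List, Optional

# keystone names the domain after the file: keystone.<domain>.conf
DOMAIN_FILE_RE = re.compile(r"^keystone\.(?P<domain>[^/]+)\.conf$")

# Standard LDAP group classes and the attribute that lists their members.
GROUP_MEMBER_ATTR = {
    "groupofnames": "member",
    "groupofuniquenames": "uniqueMember",
    "posixgroup": "memberUid",
}


def parse(text: str) -> configparser.ConfigParser:
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def domain_from_filename(path: str) -> Optional[str]:
    m = DOMAIN_FILE_RE.match(os.path.basename(path))
    return m.group("domain") if m else None


def lint(main_text: str, domain_filename: Optional[str] = None,
         domain_text: Optional[str] = None) -> List[str]:
    findings: List[str] = []
    main = parse(main_text)

    if main.get("identity", "driver", fallback="sql").lower() != "sql":
        findings.append("ERROR: keystone.conf [identity] driver is not sql: the "
                        "admin/service users of the default domain must then exist "
                        "in LDAP, otherwise token requests fail with HTTP 401")

    if domain_text is None:
        ldap_cfg = main  # whole-deployment LDAP: [ldap] lives in keystone.conf
    else:
        if not main.getboolean("identity", "domain_specific_drivers_enabled",
                               fallback=False):
            findings.append("ERROR: domain_specific_drivers_enabled is not True; "
                            "the domain file is ignored")
        if not main.get("identity", "domain_config_dir", fallback=""):
            findings.append("ERROR: domain_config_dir is not set")
        if domain_from_filename(domain_filename or "") is None:
            findings.append(f"ERROR: {domain_filename!r} must be named "
                            "keystone.<domain>.conf")
        ldap_cfg = parse(domain_text)
        if ldap_cfg.get("identity", "driver", fallback="") != "ldap":
            findings.append("ERROR: domain file [identity] driver must be ldap")

    for key in ("url", "user_tree_dn", "user_objectclass"):
        if not ldap_cfg.get("ldap", key, fallback=""):
            findings.append(f"ERROR: [ldap] {key} is missing")

    url = ldap_cfg.get("ldap", "url", fallback="")
    if url.startswith("ldap://") and not ldap_cfg.getboolean(
            "ldap", "use_tls", fallback=False):
        findings.append("WARN: ldap:// without use_tls sends the bind password and "
                        "every user password in clear; use ldaps:// or use_tls = True")

    for obj in ("user", "group"):
        for op in ("create", "update", "delete"):
            if ldap_cfg.getboolean("ldap", f"{obj}_allow_{op}", fallback=True):
                findings.append(f"WARN: {obj}_allow_{op} is not set to False; "
                                "keep the LDAP backend read-only")

    oc = ldap_cfg.get("ldap", "group_objectclass", fallback="").lower()
    member = ldap_cfg.get("ldap", "group_member_attribute", fallback="")
    if oc == "organizationalunit":
        findings.append("ERROR: group_objectclass organizationalUnit is a container, "
                        "not a group class; use groupOfNames (member) or "
                        "posixGroup (memberUid)")
    elif oc in GROUP_MEMBER_ATTR and member and \
            member.lower() != GROUP_MEMBER_ATTR[oc].lower():
        findings.append(f"ERROR: {oc} lists members in {GROUP_MEMBER_ATTR[oc]}, "
                        f"but group_member_attribute is {member}")
    return findings


# Constructed sample inputs, modelled on the two configs quoted in the thread.
MAIN_OK = """
[identity]
driver = sql
domain_config_dir = /etc/keystone/domains
domain_specific_drivers_enabled = True
"""

DOMAIN_OK = """
[identity]
driver = ldap

[ldap]
url = ldaps://ldap.example.com
user = cn=keystone-ro,dc=example,dc=com
password = secret
user_tree_dn = ou=people,dc=example,dc=com
user_objectclass = inetOrgPerson
group_tree_dn = ou=group,dc=example,dc=com
group_objectclass = groupOfNames
group_member_attribute = member
user_allow_create = False
user_allow_update = False
user_allow_delete = False
group_allow_create = False
group_allow_update = False
group_allow_delete = False
"""

# Whole-deployment LDAP with the group mapping from the second post.
MAIN_BROKEN = """
[identity]
driver = ldap

[ldap]
url = ldap://192.0.2.10
user = cn=admin,dc=example,dc=com
password = secret
user_tree_dn = ou=people,dc=example,dc=com
user_objectclass = inetOrgPerson
group_tree_dn = ou=group,dc=example,dc=com
group_objectclass = organizationalUnit
group_member_attribute = member
"""

if __name__ == "__main__":
    print("good setup:", lint(MAIN_OK, "keystone.myldapdomain.conf", DOMAIN_OK))
    for f in lint(MAIN_BROKEN):
        print("broken setup:", f)
```

The broken sample has the shape of the second post: a whole-deployment `driver = ldap` with no domain file, so the admin user from admin-openrc is looked up in LDAP instead of SQL, plus a group mapping on organizationalUnit, which has no member attribute. The clear-text warning is the check most often skipped in test setups and the one that matters once real passwords flow through the bind.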