LDAP integration with openstack

Satish Patel satish.txt at gmail.com
Thu Feb 4 18:24:46 UTC 2021


Check out my blog for a full deployment of LDAP:
https://satishdotpatel.github.io/openstack-ldap-integration/

On Thu, Feb 4, 2021 at 10:35 AM Midhunlal Nb <midhunlaln66 at gmail.com> wrote:
>
> Hi Satish,
> Once you are free, please reply to my doubts. I believe that I can solve this issue with your solution.
>
> Thanks & Regards
> Midhunlal N B
> +918921245637
>
>
> On Thu, Feb 4, 2021 at 8:14 PM Midhunlal Nb <midhunlaln66 at gmail.com> wrote:
>>
>> Hi Satish,
>> I have some doubts about your configuration:
>> 1. In keystone, the "domains" directory and the "keystone.myldapdomain.conf" file I need to create, right?
>>
>> 2. In the [ldap] section
>> url = ldap://192.168.x.xx
>> user = cn=admin,dc=blr,dc=ind,dc=company,dc=com
>> password = xxxxx
>> suffix = dc=company,dc=com
>> Do I need to add these or not? If not, how does OpenStack connect to my LDAP? Please reply to me.
>>
>> Thanks & Regards
>> Midhunlal N B
>> +918921245637
>>
>>
>> On Thu, Feb 4, 2021 at 7:58 PM Satish Patel <satish.txt at gmail.com> wrote:
>>>
>>> This is what I have
>>>
>>> In /etc/keystone/keystone.conf
>>>
>>> [identity]
>>> driver = sql
>>> domain_config_dir = /etc/keystone/domains
>>> domain_specific_drivers_enabled = True
>>>
>>> In /etc/keystone/domains/keystone.myldapdomain.conf
>>>
>>> [identity]
>>> driver = ldap
>>>
>>> [ldap]
>>> group_allow_create = False
>>> group_allow_delete = False
>>> group_allow_update = False
>>> group_id_attribute = cn
>>> ...
>>> ...
>>> ...
>>> <<omitted>>
>>>
>>>
>>> On Thu, Feb 4, 2021 at 9:10 AM Midhunlal Nb <midhunlaln66 at gmail.com> wrote:
>>> >
>>> > Hi Satish,
>>> > Thank you so much for your response! Here I am pasting my LDAP configuration, what I did in keystone.conf. Please check and let me know what changes I need to make, and also please tell me what are all the new entries I need to add in LDAP.
>>> > I have been struggling with this issue for the last 2 months, please help me.
>>> >
>>> > 1. [identity]
>>> > driver = ldap
>>> > 2. [ldap]
>>> > url = ldap://192.168.x.xx
>>> > user = cn=admin,dc=blr,dc=ind,dc=company,dc=com
>>> > password = xxxxx
>>> > suffix = dc=company,dc=com
>>> > query_scope = sub
>>> > page_size = 2000
>>> > alias_dereferencing = default
>>> > #chase_referrals = false
>>> > chase_referrals = false
>>> > debug_level = 0
>>> > use_pool = true
>>> > pool_size = 10
>>> > pool_retry_max = 3
>>> > pool_retry_delay = 0.1
>>> > pool_connection_timeout = -1
>>> > pool_connection_lifetime = 600
>>> > use_auth_pool = false
>>> > auth_pool_size = 100
>>> > auth_pool_connection_lifetime = 60
>>> > user_id_attribute      = cn
>>> > user_name_attribute    = sn
>>> > user_mail_attribute    = mail
>>> > user_pass_attribute    = userPassword
>>> > user_enabled_attribute = userAccountControl
>>> > user_enabled_mask      = 2
>>> > user_enabled_invert    = false
>>> > user_enabled_default   = 512
>>> > user_default_project_id_attribute =
>>> > user_additional_attribute_mapping =
>>> >
>>> > group_id_attribute     = cn
>>> > group_name_attribute   = ou
>>> > group_member_attribute = member
>>> > group_desc_attribute   = description
>>> > group_additional_attribute_mapping =
>>> >
>>> >
>>> > user_tree_dn = ou=people,dc=blr,dc=ind,dc=company,dc=com
>>> > user_objectclass = inetOrgPerson
>>> >
>>> > group_tree_dn = ou=group,dc=blr,dc=ind,dc=company,dc=com
>>> > group_objectclass = organizationalUnit
>>> >
>>> > This is the configuration I have in my keystone.conf file for LDAP integration.
>>> >
>>> > Thanks & Regards
>>> > Midhunlal N B
>>> > +918921245637
>>> >
>>> >
>>> > On Thu, Feb 4, 2021 at 7:10 PM Satish Patel <satish.txt at gmail.com> wrote:
>>> >>
>>> >> By default all group/role/project/user information is in SQL, but when you say use LDAP then it's trying to find that information in LDAP. Do you have all that information in LDAP? (Assuming not, that is why you are getting that error.)
>>> >>
>>> >> You should tell your OpenStack to use LDAP only for authentication and user information, and look for the remaining roles/projects etc. in SQL. That is what I'm running in my cloud and everything works.
>>> >>
>>> >> Full LDAP integration is a little complicated; that is why I picked the partial method.
>>> >>
>>> >> Sent from my iPhone
>>> >>
>>> >> > On Feb 4, 2021, at 7:16 AM, Midhunlal Nb <midhunlaln66 at gmail.com> wrote:
>>> >> >
>>> >> >
>>> >> > Hi all,
>>> >> >
>>> >> > Before LDAP integration OpenStack was working properly, but if I set "driver = ldap" in keystone.conf under the [identity] section nothing works for me. I am not able to run any openstack command and also not able to create any project or domain or user. If I remove the "driver = ldap" entry everything works normally again.
>>> >> > Please help me on this issue.
>>> >> >
>>> >> > If I run the admin-openrc file I am getting the below error:
>>> >> >
>>> >> > root at controller:~/client-scripts# openstack image list
>>> >> > The request you have made requires authentication. (HTTP 401)
>>> >> > (Request-ID: req-bdcde4be-5b62-4454-9084-19324603d0ce)
>>> >> >
>>> >> > Please help me. Where am I making mistakes?
>>> >> >
>>> >> > Thanks & Regards
>>> >> > Midhunlal N B
>>> >> > +918921245637
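Added example (not code from the thread, from Satish's blog, or from keystone itself): a stdlib Python checker for the split Satish describes, where keystone.conf keeps driver = sql so the bootstrap admin user still authenticates, and only a file named keystone.<domain>.conf under domain_config_dir switches that one domain to LDAP. The config strings, host names and DNs below are constructed placeholders.

```python
import configparser
import re

# Constructed samples of the two files; host names, DNs and the password are placeholders.
KEYSTONE_CONF = """[identity]
driver = sql
domain_config_dir = /etc/keystone/domains
domain_specific_drivers_enabled = True
"""
DOMAIN_CONF = """[identity]
driver = ldap
[ldap]
url = ldap://ldap.example.invalid
user = cn=admin,dc=example,dc=invalid
password = placeholder
user_tree_dn = ou=people,dc=example,dc=invalid
user_objectclass = inetOrgPerson
group_allow_create = False
group_allow_delete = False
group_allow_update = False
"""
DOMAIN_FILE_RE = re.compile(r"^keystone\.[^/]+\.conf$")

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def check_layout(keystone_text, domain_filename, domain_text):
    """Return the problems found; an empty list means the SQL/LDAP split is sound."""
    problems = []
    main, dom = _parse(keystone_text), _parse(domain_text)
    # The admin user from keystone-manage bootstrap lives in SQL; with a global
    # driver = ldap every user lookup goes to LDAP and admin-openrc gets a 401.
    if main.get("identity", "driver", fallback="sql") != "sql":
        problems.append("keystone.conf [identity] driver must stay 'sql'")
    if not main.getboolean("identity", "domain_specific_drivers_enabled", fallback=False):
        problems.append("domain_specific_drivers_enabled must be True")
    if not main.get("identity", "domain_config_dir", fallback=""):
        problems.append("domain_config_dir must be set")
    if not DOMAIN_FILE_RE.match(domain_filename):
        problems.append("domain file must be named keystone.<domain>.conf")
    if dom.get("identity", "driver", fallback="") != "ldap":
        problems.append("domain file [identity] driver must be 'ldap'")
    for key in ("url", "user_tree_dn", "user_objectclass"):
        if not dom.get("ldap", key, fallback=""):
            problems.append(f"[ldap] {key} is missing from the domain file")
    for key in ("group_allow_create", "group_allow_delete", "group_allow_update"):
        if dom.getboolean("ldap", key, fallback=True):
            problems.append(f"[ldap] {key} should be False so keystone never writes to LDAP")
    return problems
```

Run it against the real files before restarting keystone; a global driver = ldap is reported as the first problem, which is the configuration that produced the HTTP 401 earlier in this thread.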



More information about the openstack-discuss mailing list