[Openstack-operators] How to manage keystone identity service with ldap backend

Verga Emanuele verga.emanuele at gmail.com
Thu Jul 12 08:32:50 UTC 2012


Hi everyone,

I'm currently trying to implent a test configuration of keystone using ldap
as backend.
I've configured everything following  those instructions (
http://docs.openstack.org/developer/keystone/configuration.html#configuring-the-ldap-identity-provider),
but if I try to create a new tenant named service (keystone tenant-create
--name service )the creation fails and I get the following error:

An unexpected error prevented the server from fulfilling your request.
{'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute
type'} (HTTP 500)
Other keystone client commands fail too.

According to this post (
http://www.gossamer-threads.com/lists/openstack/dev/12444?do=post_view_threaded)no
custom ldap schema should be required.

What I'm not sure about is if this is expected behavior (I.E. Does the
keystone client only works with a SQL backend?) or do I have some error in
my implementation?
Also, if the keystone client only works with an SQL backend how should I
manage users, roles, tenants etc?

Thanks in advance for the help

Emanuele
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20120712/da094c57/attachment.html>


More information about the Openstack-operators mailing list