[Openstack-operators] Problems with OpenStack and LDAP

Rich Megginson rmeggins at redhat.com
Thu Aug 20 20:47:29 UTC 2015

On 08/17/2015 08:02 AM, Marc Pape wrote:
> Hello everybody,
> i've got some problems with our OpenStack (Juno) and the Integrate
> Identity Service over LDAP.
> The LDAP connection is read only, so i configured the [identity],
> [ldap] and [assignment] parts in keystone conf.
> The identity part use "driver =
> keystone.identity.backends.ldap.Identity" and assignment "driver =
> keystone.assignment.backends.sql.Assignment"
> Our goal is a user authentication via LDAP and project assignment in
> the internal SQL . It would be great if the service users of OpenStack
> are also stored in SQL, but they are also currently in the LDAP
> deposited.
> After restarting the Keystone Service authentication via LDAP is
> possible. The user get the message that no projects assigned to him.
> Now there are wto problems. How can you log in as admin to assign
> projects and keystone said that it couldn't find the service user like
> ceilometer, neutron and so on.
> I've followed the instructions on docs.openstack.org 
> <http://docs.openstack.org> for Identity
> management, but i didn't find any notices about that problems.

Does this help?  http://richmegginson.livejournal.com/25846.html

> Many greetings and thanks for a possible answer
> Marc
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150820/0b764d3a/attachment.html>

More information about the OpenStack-operators mailing list