[Openstack] enforce admin_required with LDAP admin user

Sharif Islam islamsh at indiana.edu
Tue May 22 15:47:52 UTC 2012


I think my LDAP bind is working, but tenant-list and user-list give me an
admin_required error.

Looks like the LDAP admin user does not have any roles. Is that the issue?



# keystone discover
Keystone found at http://localhost:5000/v2.0/
    - supports version v2.0 (beta) here http://149.165.159.121:5000/v2.0/
root@i121:~# keystone service-list
+----+------+------+-------------+
| id | name | type | description |
+----+------+------+-------------+
+----+------+------+-------------+
root@i121:~# keystone user-list
No handlers could be found for logger "keystoneclient.client"
You are not authorized to perform the requested action: admin_required
(HTTP 403)
root@i121:~# keystone tenant-list
No handlers could be found for logger "keystoneclient.client"
You are not authorized to perform the requested action: admin_required
(HTTP 403)



> (keystone.common.ldap.core): 2012-05-22 11:36:02,263 DEBUG LDAP init: url=ldap://ldap.project.org
> (keystone.common.ldap.core): 2012-05-22 11:36:02,263 DEBUG LDAP bind: dn=uid=user,ou=People,dc=project,dc=org
> (keystone.common.ldap.core): 2012-05-22 11:36:02,271 DEBUG LDAP search: dn=ou=ostenants,dc=project,dc=org, scope=1, query=(&(member=uid=admin,ou=People,dc=project,dc=org)(objectClass=groupOfNames))
> (root): 2012-05-22 11:36:02,425 DEBUG TOKEN_REF {'id': 'dfc4b2ecexxxd014x280d91efeecda06', 'expires': datetime.datetime(2012, 5, 23, 15, 36, 2, 274565), 'user': {'id': 'admin', 'name': 'admin'}, 'tenant': {'id': 'admin', 'name': 'admin'}, 'metadata': {}}
> (eventlet.wsgi.server): 2012-05-22 11:36:02,426 DEBUG 127.0.0.1 - - [22/May/2012 11:36:02] "POST /v2.0/tokens HTTP/1.1" 200 1762 0.166139
> (keystone.policy.backends.rules): 2012-05-22 11:36:02,439 DEBUG enforce admin_required: {'tenant_id': u'admin', 'user_id': u'admin', 'roles': []}



--sharif
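
An added example, not part of the original post and not Keystone's own code: a small sketch that parses the "enforce admin_required" debug line quoted above and evaluates it against a list-of-lists rule, showing how an empty roles list ends in the 403. The rule definition [["role:admin"], ["is_admin:1"]] is an assumption; check the policy.json your deployment actually loads.

```python
import ast
import re

# Assumed rule definition (outer list = OR, inner list = AND).
# Compare against the policy.json deployed on your Keystone host.
ASSUMED_POLICY = {"admin_required": [["role:admin"], ["is_admin:1"]]}

# Matches the "enforce <rule>: {credentials}" debug line shown in the post.
ENFORCE_RE = re.compile(r"DEBUG enforce (?P<rule>\w+): (?P<creds>\{.*\})\s*$")


def parse_enforce_line(line):
    """Return (rule_name, credentials_dict), or None for any other log line."""
    m = ENFORCE_RE.search(line)
    if not m:
        return None
    # literal_eval accepts only Python literals, so log text is never executed.
    return m.group("rule"), ast.literal_eval(m.group("creds"))


def match_clause(clause, creds):
    """Evaluate one 'kind:value' check against the credentials."""
    kind, _, value = clause.partition(":")
    if kind == "role":
        return value.lower() in [r.lower() for r in creds.get("roles", [])]
    return kind in creds and str(creds[kind]) == value


def is_allowed(rule, creds, policy=ASSUMED_POLICY):
    """OR over the outer list, AND inside each inner list.
    A rule missing from the policy denies (a choice made for this sketch)."""
    return any(all(match_clause(c, creds) for c in and_list)
               for and_list in policy.get(rule, []))


# Log line copied from the post above.
LINE = ("(keystone.policy.backends.rules): 2012-05-22 11:36:02,439 DEBUG "
        "enforce admin_required: {'tenant_id': u'admin', 'user_id': u'admin', 'roles': []}")

if __name__ == "__main__":
    rule, creds = parse_enforce_line(LINE)
    print(rule, creds["roles"], "->", is_allowed(rule, creds))
    granted = dict(creds, roles=["admin"])  # constructed: same user with an 'admin' role
    print(rule, granted["roles"], "->", is_allowed(rule, granted))
```

With the credentials from the log, neither branch of the assumed rule matches, so the request is denied even though the bind and token issue succeeded.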



