Hi, All<div> I have resolved this problem by add 'enabled' attribute to class groupOfNames of ldap schema, thanks all the same.</div><div><br></div><div><div><b>attributetype ( 2.5.4.66 NAME 'enabled'</b></div>
<div><b> DESC 'RFC2256: enabled of a group'</b></div><div><b> EQUALITY booleanMatch</b></div><div><b> SYNTAX 1.3.6.1.4.1.1466.115.121.1.7</b></div><div><b> SINGLE-VALUE )</b></div><div>
<br></div><div><div>objectclass ( 2.5.6.9 NAME 'groupOfNames'</div><div> DESC 'RFC2256: a group of names (DNs)'</div><div> SUP top STRUCTURAL</div><div> MUST ( member $ cn )</div><div>
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description $ <b>enabled </b>) )</div></div><br><div class="gmail_quote">2012/9/5 Yanping Xie <span dir="ltr"><<a href="mailto:irsxyp@gmail.com" target="_blank">irsxyp@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, all<div><br></div><div>I am trying to setup keystone to use ldap as backend, but failed on creating the first tenant.</div>
<div><br></div><div><div># keystone tenant-create --name=admin</div><div>An unexpected error prevented the server from fulfilling your request. {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'} (HTTP 500)</div>
</div><div><br></div><div><br></div><div>Here is my keystone config about ldap(snippets from keystone.log):</div><div>------------------------------------------------------</div><div><div>ldap.tenant_member_attribute = member</div>
<div>ldap.tenant_name_attribute = ou</div><div>ldap.tenant_objectclass = groupOfNames</div><div>ldap.tenant_tree_dn = ou=Group,dc=example,dc=com</div><div>ldap.url = ldap://182.xxx.29.250</div>
<div>ldap.use_dumb_member = False</div><div>ldap.user = cn=Manager,dc=example,dc=com</div><div>ldap.user_id_attribute = cn</div><div>ldap.user_name_attribute = sn</div><div>ldap.user_objectclass = inetOrgPerson</div>
<div>ldap.user_tree_dn = ou=User,dc=example,dc=com</div></div><div>------------------------------------------------------</div><div><br></div><div>Ldap server migration file to initialize ldap:</div><div>------------------------------------------------------</div>
<div><div>dn: dc=example,dc=com </div><div>objectClass: dcObject </div><div>objectClass: organization </div><div>dc: example </div><div>o: The Example Corporation </div></div><div><br></div><div>
<div>dn: ou=Group,dc=example,dc=com</div><div>ou: Group</div><div>objectClass: top</div><div>objectClass: organizationalUnit</div><div><br></div><div>dn: ou=User,dc=example,dc=com</div><div>ou: User</div><div>objectClass: top</div>
<div>objectClass: organizationalUnit</div><div><br></div><div>dn: ou=Role,dc=example,dc=com</div><div>objectClass: top</div><div>objectClass: organizationalUnit</div></div><div>------------------------------------------------------</div>
<div><br></div><div>Related keytone log is as follows:</div><div>---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div><div>2012-09-05 18:45:33 DEBUG [keystone.common.ldap.core] LDAP init: url=ldap://182.xxx.29.250</div><div><div>2012-09-05 18:45:33 DEBUG [keystone.common.ldap.core] LDAP bind: dn=cn=Manager,dc=example,dc=com</div>
<div>2012-09-05 18:45:33 DEBUG [keystone.common.ldap.core] LDAP add: dn=cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com, attrs=[('objectClass', ['groupOfNames']), (</div><div>'enabled', ['TRUE']), ('ou', ['admin']), ('member', ['cn=dumb,dc=nonexistent'])]</div>
<div>2012-09-05 18:45:33 ERROR [root] {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'}</div></div><div><div>Traceback (most recent call last):</div><div>
File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 204, in __call__</div><div> result = method(context, **params)</div><div> File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 397, in create_tenant</div>
<div> context, tenant_ref['id'], tenant_ref)</div><div> File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 47, in _wrapper</div><div> return f(*args, **kw)</div><div> File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 208, in create_tenant</div>
<div> return self.tenant.create(tenant)</div><div> File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 492, in create</div><div> return super(TenantApi, self).create(data)</div>
<div> File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 179, in create</div><div> conn.add_s(self._id_to_dn(values['id']), attrs)</div><div> File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 310, in add_s</div>
<div> return self.conn.add_s(dn, ldap_attrs)</div><div> File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 194, in add_s</div><div> return self.result(msgid,all=1,timeout=self.timeout)</div>
<div> File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 436, in result</div><div> res_type,res_data,res_msgid = self.result2(msgid,all,timeout)</div><div> File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 440, in result2</div>
<div> res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)</div><div> File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 446, in result3</div><div> ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)</div>
<div> File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call</div><div> result = func(*args,**kwargs)</div><div><b>UNDEFINED_TYPE: {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'}</b></div>
</div><div>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div><br></div><div>And the ldap server log is as follows: </div><div>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div><div>Sep 5 18:45:33 ldaps slapd[7946]: conn=1011 op=1 ADD dn="cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com"</div><div>Sep 5 18:45:33 ldaps slapd[7946]: send_ldap_result: conn=1011 op=1 p=3</div>
<div>Sep 5 18:45:33 ldaps slapd[7946]: send_ldap_result: err=17 matched="" text="enabled: attribute type undefined"</div><div>Sep 5 18:45:33 ldaps slapd[7946]: send_ldap_response: msgid=2 tag=105 err=17</div>
<div><b>Sep 5 18:45:33 ldaps slapd[7946]: conn=1011 op=1 RESULT tag=105 err=17 text=enabled: attribute type undefined</b></div></div><div>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div><br></div><div><br></div><div>This problem makes me crazy for quite a while. Can anyone help me out? Really appricate your help.</div></div><div><br></div><div>Best Regards.</div><span><font color="#888888"><div>
<br></div><div>Yanping</div>
</font></span></blockquote></div><br></div>