
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">On 11/29/2012 11:47 PM, yasith tharindu

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAMpRDc7aT=2+Mk5Y_wLGNKyTMNt1=QBNr8RVbuf4yS9FsHDTwg@mail.gmail.com"

      type="cite"><br>

      <div class="gmail_quote"><br>

        I was trying to enable enable keystone with ldap. but always

        return me with a  this error. "<b>Error: </b>Invalid user name

        or password." and no log trace can be found.<br>

      </div>

    </blockquote>

    <br>

    All I can say is it looks correct enough, but you obviosuly have a

    problem in your LDAP to Keystone configuration.  Authentication to

    LDAP is done using a simple bind, based on what you have for the

    user_tree_dn.  Make sure you can do that same bind from a command

    line LDAP tool.<br>

    <br>

    <blockquote

cite="mid:CAMpRDc7aT=2+Mk5Y_wLGNKyTMNt1=QBNr8RVbuf4yS9FsHDTwg@mail.gmail.com"

      type="cite">

      <div class="gmail_quote"><br>

        my keystone config as following<br>

        <br>

        <br>

        [ldap]<br>

        url = <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"

          href="http://ldap.example.org" target="_blank">ldap.example.org</a><br>

        tree_dn = dc=ldap,dc=example,dc=org<br>

        user_tree_dn = ou=user,dc=ldap,dc=example,dc=org<br>

        tenant_tree_dn = ou=group,dc=ldap,dc=example,dc=org<br>

        user = uid=ldapuser,ou=user,dc=ldap,dc=example,dc=org<br>

        password = password<br>

        suffix = dc=ldap,dc=example,dc=org<br>

        user_name_attribute = uid<br>

        <br>

        <br>

        [identity]<br>

        driver = keystone.identity.backends.ldap.Identity<br>

        <br>

        <br>

        <br>

        <br>

        I have few questions.<br>

        <br>

        what am i missing here.<br>

        what is the purpose of "role_tree_dn" config does that

        necessarily needed.<br>

        can we enable logs.<br>

        there are many groups under tenant_tree_dn do I have to setup

        which group to look at.<br>

        Is there a sample ldap ldif file and keystone config to loook

        at?<br>

        <br>

        Thanks<span class="HOEnZb"><font color="#888888"><br>

            <br clear="all">

            <br>

            -- <br>

            Thanks..<br>

            Regards...<br>

            <br>

            Blog: <a moz-do-not-send="true"

              href="http://www.yasith.info" target="_blank">http://www.yasith.info</a><br>

            Twitter : <a moz-do-not-send="true"

              href="http://twitter.com/yasithnd" target="_blank">http://twitter.com/yasithnd</a><br>

            LinkedIn : <a moz-do-not-send="true"

              href="http://www.linkedin.com/in/yasithnd" target="_blank">http://www.linkedin.com/in/yasithnd</a><br>

            <div>

              GPG Key ID : <b>57CEE66E</b></div>

            <br>

          </font></span></div>

      <br>

      <br>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Mailing list: <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>

Post to     : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>

Unsubscribe : <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>

More help   : <a class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>