<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/11/2012 04:15 AM, yasith tharindu
wrote:<br>
</div>
<blockquote
cite="mid:CAMpRDc6-6uRv+TBUKga+C0+ZdnzZywz+wDVmuKBCoDOUa6POhg@mail.gmail.com"
type="cite">
<div>Hi Team;</div>
<div><br>
</div>
<div><br>
</div>
<div>I was trying to configure ldap + keystone but it seems not
working. I feel like authentication is successful but horizon
return me python error. Im unable to trace as its does not give
any detail. Following I have attached the error, ldap dump,
keystone config. I would really appreciate if you can note me
down any configuration error.</div>
</blockquote>
<br>
<br>
<blockquote
cite="mid:CAMpRDc6-6uRv+TBUKga+C0+ZdnzZywz+wDVmuKBCoDOUa6POhg@mail.gmail.com"
type="cite">
<div><br>
</div>
<div>My nova version is:: 2012.2
(2012.2-LOCALBRANCH:LOCALREVISION)</div>
<div><br>
</div>
<div>If its wrong password it returns, "Invalid user name or
password."</div>
</blockquote>
That sounds right<br>
<br>
<br>
<blockquote
cite="mid:CAMpRDc6-6uRv+TBUKga+C0+ZdnzZywz+wDVmuKBCoDOUa6POhg@mail.gmail.com"
type="cite">
<div> When type correct credentials but user not in the any of
"Group" it return "You are not authorized for any projects." </div>
</blockquote>
<br>
Yes<br>
<br>
<blockquote
cite="mid:CAMpRDc6-6uRv+TBUKga+C0+ZdnzZywz+wDVmuKBCoDOUa6POhg@mail.gmail.com"
type="cite">
<div>When type correct credentials and the user is a member of a
group (eg: cn=demo,ou=Groups,dc=example,dc=com), It returns
following error.</div>
</blockquote>
It looks like some poor error handling in Horizon, to start. The
Key error means token.tenant['name'] is not defined in the object.
Which probably means that it doesn't have a real token or
something. I'm guessing that token.tenant is None at this point.<br>
<br>
<br>
Does it work from the Keystone CLI? Isolate your problem, is it
Keystone, or is it Horizon.<br>
<br>
<blockquote
cite="mid:CAMpRDc6-6uRv+TBUKga+C0+ZdnzZywz+wDVmuKBCoDOUa6POhg@mail.gmail.com"
type="cite">
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>################### The error ########################</div>
<div><br>
</div>
<div>KeyError at /auth/login/</div>
<div>'name'</div>
<div>Request Method:<span class="Apple-tab-span"
style="white-space:pre"> </span>POST</div>
<div>Request URL:<span class="Apple-tab-span"
style="white-space:pre"> </span><a moz-do-not-send="true"
href="https://192.168.25.240/auth/login/">https://192.168.25.240/auth/login/</a></div>
<div>Django Version:<span class="Apple-tab-span"
style="white-space:pre"> </span>1.4.1</div>
<div>Exception Type:<span class="Apple-tab-span"
style="white-space:pre"> </span>KeyError</div>
<div>Exception Value:<span class="Apple-tab-span"
style="white-space:pre"> </span></div>
<div>'name'</div>
<div>Exception Location:<span class="Apple-tab-span"
style="white-space:pre"> </span>/usr/lib/python2.7/dist-packages/openstack_auth/user.py
in create_user_from_token, line 25</div>
<div>Python Executable:<span class="Apple-tab-span"
style="white-space:pre"> </span>/usr/bin/python</div>
<div>Python Version:<span class="Apple-tab-span"
style="white-space:pre"> </span>2.7.3</div>
<div>Python Path:<span class="Apple-tab-span"
style="white-space:pre"> </span></div>
<div>['/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../..',</div>
<div> '/usr/share/openstack-dashboard/openstack_dashboard',</div>
<div> '/usr/lib/python2.7',</div>
<div> '/usr/lib/python2.7/plat-linux2',</div>
<div> '/usr/lib/python2.7/lib-tk',</div>
<div> '/usr/lib/python2.7/lib-old',</div>
<div> '/usr/lib/python2.7/lib-dynload',</div>
<div> '/usr/local/lib/python2.7/dist-packages',</div>
<div> '/usr/lib/python2.7/dist-packages',</div>
<div> '/usr/lib/pymodules/python2.7',</div>
<div> '/usr/share/openstack-dashboard/']</div>
<div><br>
</div>
<div><br>
</div>
<div>Environment:</div>
<div><br>
</div>
<div><br>
</div>
<div>Request Method: POST</div>
<div>
Request URL: <a moz-do-not-send="true"
href="https://192.168.25.240/auth/login/">https://192.168.25.240/auth/login/</a></div>
<div><br>
</div>
<div>Django Version: 1.4.1</div>
<div>Python Version: 2.7.3</div>
<div>Installed Applications:</div>
<div>('openstack_dashboard',</div>
<div> 'django.contrib.contenttypes',</div>
<div> 'django.contrib.auth',</div>
<div> 'django.contrib.sessions',</div>
<div> 'django.contrib.messages',</div>
<div> 'django.contrib.staticfiles',</div>
<div> 'django.contrib.humanize',</div>
<div> 'compressor',</div>
<div> 'horizon',</div>
<div> 'horizon.dashboards.nova',</div>
<div> 'horizon.dashboards.syspanel',</div>
<div> 'horizon.dashboards.settings',</div>
<div> 'openstack_auth')</div>
<div>Installed Middleware:</div>
<div>('django.middleware.common.CommonMiddleware',</div>
<div> 'django.middleware.csrf.CsrfViewMiddleware',</div>
<div> 'django.contrib.sessions.middleware.SessionMiddleware',</div>
<div> 'django.contrib.auth.middleware.AuthenticationMiddleware',</div>
<div> 'django.contrib.messages.middleware.MessageMiddleware',</div>
<div> 'horizon.middleware.HorizonMiddleware',</div>
<div> 'django.middleware.doc.XViewMiddleware',</div>
<div> 'django.middleware.locale.LocaleMiddleware')</div>
<div><br>
</div>
<div><br>
</div>
<div>Traceback:</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/core/handlers/base.py"
in get_response</div>
<div>
111. response = callback(request,
*callback_args, **callback_kwargs)</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py"
in sensitive_post_parameters_wrapper</div>
<div> 69. return view(request, *args, **kwargs)</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in
_wrapped_view</div>
<div> 91. response = view_func(request,
*args, **kwargs)</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py"
in _wrapped_view_func</div>
<div> 89. response = view_func(request, *args, **kwargs)</div>
<div>File
"/usr/lib/python2.7/dist-packages/openstack_auth/views.py" in
login</div>
<div> 50. extra_context=extra_context)</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py"
in sensitive_post_parameters_wrapper</div>
<div> 69. return view(request, *args, **kwargs)</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in
_wrapped_view</div>
<div> 91. response = view_func(request,
*args, **kwargs)</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py"
in _wrapped_view_func</div>
<div> 89. response = view_func(request, *args, **kwargs)</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/contrib/auth/views.py"
in login</div>
<div> 36. if form.is_valid():</div>
<div>File "/usr/lib/python2.7/dist-packages/django/forms/forms.py"
in is_valid</div>
<div> 124. return self.is_bound and not bool(self.errors)</div>
<div>File "/usr/lib/python2.7/dist-packages/django/forms/forms.py"
in _get_errors</div>
<div> 115. self.full_clean()</div>
<div>
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in
full_clean</div>
<div> 271. self._clean_form()</div>
<div>File "/usr/lib/python2.7/dist-packages/django/forms/forms.py"
in _clean_form</div>
<div> 299. self.cleaned_data = self.clean()</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py"
in sensitive_variables_wrapper</div>
<div> 34. return func(*args, **kwargs)</div>
<div>File
"/usr/lib/python2.7/dist-packages/openstack_auth/forms.py" in
clean</div>
<div> 57.
auth_url=region)</div>
<div>File
"/usr/lib/python2.7/dist-packages/django/contrib/auth/__init__.py"
in authenticate</div>
<div> 45. user = backend.authenticate(**credentials)</div>
<div>File
"/usr/lib/python2.7/dist-packages/openstack_auth/backend.py" in
authenticate</div>
<div> 113. user = create_user_from_token(request, token,
client.management_url)</div>
<div>File
"/usr/lib/python2.7/dist-packages/openstack_auth/user.py" in
create_user_from_token</div>
<div> 25. tenant_name=token.tenant['name'],</div>
<div><br>
</div>
<div>Exception Type: KeyError at /auth/login/</div>
<div>Exception Value: 'name'</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>########################My LDAP dump #####################</div>
<div>dn: dc=example,dc=com</div>
<div>objectClass: top</div>
<div>objectClass: dcObject</div>
<div>objectClass: organization</div>
<div>o: example Inc</div>
<div>dc: example</div>
<div>structuralObjectClass: organization</div>
<div><br>
</div>
<div><br>
</div>
<div>dn: cn=admin,dc=example,dc=com</div>
<div>objectClass: simpleSecurityObject</div>
<div>objectClass: organizationalRole</div>
<div>cn: admin</div>
<div>description: LDAP administrator</div>
<div>userPassword::
e1NTSEF9cGgrencraEZDWlFDNmR2bmEyM2kyb2RVWXdsK0FlSWg=</div>
<div><br>
</div>
<div>dn: ou=Groups,dc=example,dc=com</div>
<div>ou: groups</div>
<div>objectClass: organizationalUnit</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>dn: ou=Users,dc=example,dc=com</div>
<div>ou: users</div>
<div>objectClass: organizationalUnit</div>
<div><br>
</div>
<div><br>
</div>
<div>dn: ou=Roles,dc=example,dc=com</div>
<div>ou: roles</div>
<div>objectClass: organizationalUnit</div>
<div>dn: cn=yasith,ou=Users,dc=example,dc=com</div>
<div>cn: yasith</div>
<div>displayName: yasith</div>
<div>givenName: yasith</div>
<div>mail: <a moz-do-not-send="true"
href="mailto:yasith@example.com">yasith@example.com</a></div>
<div>objectClass: inetOrgPerson</div>
<div>objectClass: top</div>
<div>
sn: yasith</div>
<div>uid: yasith</div>
<div>userPassword:: YWJjMTIz</div>
<div><br>
</div>
<div>dn: cn=demo,ou=Users,dc=example,dc=com</div>
<div>cn: demo</div>
<div>displayName: demo</div>
<div>givenName: demo</div>
<div>mail: <a moz-do-not-send="true"
href="mailto:demo@example.com">demo@example.com</a></div>
<div>objectClass: inetOrgPerson</div>
<div>objectClass: top</div>
<div>sn: demo</div>
<div>uid: demo</div>
<div>userPassword:: YWJjMTIz</div>
<div><br>
</div>
<div>dn: cn=tharindu,ou=Users,dc=example,dc=com</div>
<div>cn: tharindu</div>
<div>displayName: tharindu</div>
<div>givenName: tharindu</div>
<div>mail: <a moz-do-not-send="true"
href="mailto:tharindu@example.com">tharindu@example.com</a></div>
<div>objectClass: inetOrgPerson</div>
<div>objectClass: top</div>
<div>sn: tharindu</div>
<div>uid: tharindu</div>
<div>userPassword:: YWJjMTIz</div>
<div><br>
</div>
<div>dn: cn=demo,ou=Groups,dc=example,dc=com</div>
<div>cn: demo</div>
<div>member: cn=demo,ou=Users,dc=example,dc=com</div>
<div>member: cn=yasith,ou=Users,dc=example,dc=com</div>
<div>objectClass: groupOfNames</div>
<div><br>
</div>
<div><br>
</div>
<div>dn: cn=Member,ou=Roles,dc=example,dc=com</div>
<div>cn: member</div>
<div>description: Role associated with openstack users</div>
<div>objectClass: organizationalRole</div>
<div>roleOccupant: cn=demo,ou=Users,dc=example,dc=com</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>######### Keystone Config
#######################################</div>
<div><br>
</div>
<div><br>
</div>
<div>[ldap]</div>
<div>url = <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://10.100.0.10">10.100.0.10</a></div>
<div>tree_dn = dc=example,dc=com</div>
<div>user_tree_dn = ou=Users,dc=example,dc=com</div>
<div>role_tree_dn = ou=Roles,dc=example,dc=com</div>
<div>tenant_tree_dn = ou=Groups,dc=example,dc=com</div>
<div>user = cn=admin,dc=example,dc=com</div>
<div>password = admin123</div>
<div>suffix = cn=example,cn=com</div>
<div><br>
</div>
<div>[identity]</div>
<div>driver = keystone.identity.backends.ldap.Identity</div>
<div><br>
</div>
<div><br>
</div>
<div>[catalog]</div>
<div>driver = keystone.catalog.backends.sql.Catalog</div>
<div><br>
</div>
<div>[token]</div>
<div>driver = keystone.token.backends.sql.Token</div>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
More help : <a class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
</body>
</html>