<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="GENERATOR" content="GtkHTML/4.8.1">
</head>
<body>
Hi,<br>
<br>
I was trying to integrate our test Icehouse OpenStack environment into the AD (Active Directory) in order to pilot user management through the AD. I've read the official documentation regarding the topic:<br>
<br>
<a href="http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html">http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html</a><br>
<a href="https://wiki.openstack.org/wiki/HowtoIntegrateKeystonewithAD#Configuration_on_Keystone">https://wiki.openstack.org/wiki/HowtoIntegrateKeystonewithAD#Configuration_on_Keystone</a><br>
<a href="http://openstack.redhat.com/Keystone_integration_with_IDM">http://openstack.redhat.com/Keystone_integration_with_IDM</a><br>
<br>
All the above docs explain only the keystone part, but there is no doc on how exactly the AD side should be configured.
<br>
<br>
Anyway, I've managed to get to a point where I have the following error in keystone.log:<br>
<br>
2014-06-18 10:56:35.024 1706 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.6/site-packages/keystone/middleware/core.py:271<br>
2014-06-18 10:56:35.063 1706 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.6/site-packages/keystone/common/wsgi.py:181<br>
2014-06-18 10:56:35.065 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.066 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.069 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.076 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(sAMAccountName=nova)(objectClass=Person)), attrs=['userPassword', 'userAccountControl', 'sAMAccountName', 'mail'] search_s
 /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.079 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.081 1706 DEBUG keystone.notifications [-] CADF Event: {'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event', 'initiator': {'typeURI': 'service/security/account/user', 'host':
 {'agent': 'python-requests/1.1.0 CPython/2.6.6 Linux/2.6.32-431.17.1.el6.x86_64', 'address': '1.x.x.x'}, 'id': 'openstack:3b761d61-1f9c-463c-adc4-cf83a8873aaa', 'name': 'nova'}, 'target': {'typeURI': 'service/security/account/user', 'id': 'openstack:b588a4a4-4537-4a3c-a56e-68d7518bbf69'},
 'observer': {'typeURI': 'service/security', 'id': 'openstack:35c9ba06-17b0-482f-b86a-c7407b698fe2'}, 'eventType': 'activity', 'eventTime': '2014-06-18T10:56:35.080881+0000', 'action': 'authenticate', 'outcome': 'pending', 'id': 'openstack:d4b86103-3dc9-4577-a9c4-74fc2cc4152c'}
 _send_audit_notification /usr/lib/python2.6/site-packages/keystone/notifications.py:289<br>
2014-06-18 10:56:35.136 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('qpid = oslo.messaging._drivers.impl_qpid:QpidDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.136 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('zmq = oslo.messaging._drivers.impl_zmq:ZmqDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.136 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('kombu = oslo.messaging._drivers.impl_rabbit:RabbitDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.137 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('rabbit = oslo.messaging._drivers.impl_rabbit:RabbitDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.194 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('fake = oslo.messaging._drivers.impl_fake:FakeDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.195 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('log = oslo.messaging.notify._impl_log:LogDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.195 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('messagingv2 = oslo.messaging.notify._impl_messaging:MessagingV2Driver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.195 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('noop = oslo.messaging.notify._impl_noop:NoOpDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.196 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('routing = oslo.messaging.notify._impl_routing:RoutingDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.196 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('test = oslo.messaging.notify._impl_test:TestDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.196 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('messaging = oslo.messaging.notify._impl_messaging:MessagingDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.196 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('cinder.openstack.common.notifier.no_op_notifier = oslo.messaging.notify._impl_noop:NoOpDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.196 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('cinder.openstack.common.notifier.log_notifier = oslo.messaging.notify._impl_log:LogDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.197 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('cinder.openstack.common.notifier.test_notifier = oslo.messaging.notify._impl_test:TestDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.197 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('cinder.openstack.common.notifier.rpc_notifier2 = oslo.messaging.notify._impl_messaging:MessagingV2Driver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.197 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('cinder.openstack.common.notifier.rpc_notifier = oslo.messaging.notify._impl_messaging:MessagingDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.197 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('nova.openstack.common.notifier.no_op_notifier = oslo.messaging.notify._impl_noop:NoOpDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.197 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('nova.openstack.common.notifier.test_notifier = oslo.messaging.notify._impl_test:TestDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.197 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('nova.openstack.common.notifier.rpc_notifier = oslo.messaging.notify._impl_messaging:MessagingDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.198 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('nova.openstack.common.notifier.log_notifier = oslo.messaging.notify._impl_log:LogDriver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.198 1706 DEBUG stevedore.extension [-] found extension EntryPoint.parse('nova.openstack.common.notifier.rpc_notifier2 = oslo.messaging.notify._impl_messaging:MessagingV2Driver') _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156<br>
2014-06-18 10:56:35.199 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.200 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.200 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.205 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(cn=nova)(objectClass=Person)), attrs=['mail', 'userPassword', 'userAccountControl', 'sAMAccountName'] search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.207 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.208 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.209 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.210 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.215 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(cn=nova)(objectclass=Person)), attrs=None search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.218 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.218 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.219 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.220 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=nova,OU=services,OU=Projects,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.224 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.226 1706 DEBUG keystone.notifications [-] CADF Event: {'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event', 'initiator': {'typeURI': 'service/security/account/user', 'host':
 {'agent': 'python-requests/1.1.0 CPython/2.6.6 Linux/2.6.32-431.17.1.el6.x86_64', 'address': '1.x.x.x'}, 'id': 'openstack:3b761d61-1f9c-463c-adc4-cf83a8873aaa', 'name': 'nova'}, 'target': {'typeURI': 'service/security/account/user', 'id': 'openstack:12c5c400-0a51-4477-baf4-b95c91ba60ad'},
 'observer': {'typeURI': 'service/security', 'id': 'openstack:d12b322f-9c1a-493f-ac0d-6727d37cff39'}, 'eventType': 'activity', 'eventTime': '2014-06-18T10:56:35.225896+0000', 'action': 'authenticate', 'outcome': 'success', 'id': 'openstack:aa435cf2-6fd2-4cce-a40e-53753cab55bf'}
 _send_audit_notification /usr/lib/python2.6/site-packages/keystone/notifications.py:289<br>
2014-06-18 10:56:35.227 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.228 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.229 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.234 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=Tenants,OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(ou=services)(objectClass=organizationalUnit)), attrs=['description', 'extensionName', 'businessCategory', 'ou']
 search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.237 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.237 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.238 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.238 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.243 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=Tenants,OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(ou=services)(objectClass=organizationalUnit)), attrs=['ou', 'description', 'businessCategory', 'extensionName']
 search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.246 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.246 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.247 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.247 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.251 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=Tenants,OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(ou=services)(objectClass=organizationalUnit)), attrs=['ou', 'description', 'businessCategory', 'extensionName']
 search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.254 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.254 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.255 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.256 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.261 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=Tenants,OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(ou=services)(objectClass=organizationalUnit)), attrs=['ou', 'description', 'businessCategory', 'extensionName']
 search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.263 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.264 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.265 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.266 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.270 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=Tenants,OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(ou=services)(objectclass=organizationalUnit)), attrs=None search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.273 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.273 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.274 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.274 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.278 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=services,OU=Tenants,OU=iaas,OU=Other,DC=test,DC=local, scope=1, query=(objectClass=organizationalRole), attrs=None search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.281 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.282 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.283 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.284 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.289 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(cn=nova)(objectClass=Person)), attrs=['mail', 'userPassword', 'userAccountControl', 'sAMAccountName'] search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.291 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.292 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.292 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.293 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.297 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(cn=nova)(objectclass=Person)), attrs=None search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.300 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.300 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.302 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.303 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:35.307 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=ou=UserGroups,dc=test,dc=local, scope=2, query=(&(&(objectClass=groupOfNames)(member=CN=nova,OU=services,OU=Projects,OU=iaas,OU=Other,DC=test,DC=local))(objectClass=groupOfNames)),
 attrs=['description', 'ou'] search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:35.310 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:35.336 1706 DEBUG keystone.openstack.common.db.sqlalchemy.session [-] MySQL server mode set to STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,TRADITIONAL,NO_AUTO_CREATE_USER _mysql_check_effective_sql_mode
 /usr/lib/python2.6/site-packages/keystone/openstack/common/db/sqlalchemy/session.py:562<br>
2014-06-18 10:56:35.384 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491<br>
2014-06-18 10:56:35.385 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False<br>
tls_cacertfile=None<br>
tls_cacertdir=None<br>
tls_req_cert=2<br>
tls_avail=1<br>
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501<br>
2014-06-18 10:56:35.386 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561<br>
2014-06-18 10:56:36.391 1706 DEBUG keystone.common.ldap.core [-] LDAP search: dn=OU=Roles,OU=iaas,OU=Other,DC=test,DC=local, scope=2, query=(&(cn=services)(objectClass=organizationalRole)), attrs=['cn'] search_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:592<br>
2014-06-18 10:56:36.393 1706 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:565<br>
2014-06-18 10:56:36.471 1706 INFO eventlet.wsgi.server [-] 1.x.x.x - - [18/Jun/2014 10:56:36] "POST /v2.0/tokens HTTP/1.1" 200 8938 1.447416<br>
2014-06-18 10:56:36.520 1706 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'project_id': u'services', 'user_id': u'nova', 'roles': [u'services']} process_request /usr/lib/python2.6/site-packages/keystone/middleware/core.py:281<br>
2014-06-18 10:56:36.523 1706 DEBUG keystone.common.wsgi [-] arg_dict: {'token_id': u'4dd244aee826e0ea0f1a27e7a9d42885'} __call__ /usr/lib/python2.6/site-packages/keystone/common/wsgi.py:181<br>
2014-06-18 10:56:36.525 1706 DEBUG keystone.common.controller [-] RBAC: Authorizing identity:validate_token(token_id=4dd244aee826e0ea0f1a27e7a9d42885) _build_policy_check_credentials /usr/lib/python2.6/site-packages/keystone/common/controller.py:54<br>
2014-06-18 10:56:36.526 1706 DEBUG keystone.common.controller [-] RBAC: using auth context from the request environment _build_policy_check_credentials /usr/lib/python2.6/site-packages/keystone/common/controller.py:59<br>
2014-06-18 10:56:36.527 1706 DEBUG keystone.policy.backends.rules [-] enforce identity:validate_token: {'project_id': u'services', 'user_id': u'nova', 'roles': [u'services']} enforce /usr/lib/python2.6/site-packages/keystone/policy/backends/rules.py:101<br>
2014-06-18 10:56:36.536 1706 DEBUG keystone.openstack.common.policy [-] Rule identity:validate_token will be now enforced enforce /usr/lib/python2.6/site-packages/keystone/openstack/common/policy.py:258<br>
2014-06-18 10:56:36.537 1706 DEBUG keystone.openstack.common.fileutils [-] Reloading cached file /etc/keystone/policy.json read_cached_file /usr/lib/python2.6/site-packages/keystone/openstack/common/fileutils.py:63<br>
2014-06-18 10:56:36.545 1706 DEBUG keystone.openstack.common.policy [-] Rules successfully reloaded load_rules /usr/lib/python2.6/site-packages/keystone/openstack/common/policy.py:212<br>
2014-06-18 10:56:36.546 1706 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action, identity:validate_token.<br>
2014-06-18 10:56:36.548 1706 INFO eventlet.wsgi.server [-] 1.x.x.x - - [18/Jun/2014 10:56:36] "GET /v2.0/tokens/4dd244aee826e0ea0f1a27e7a9d42885 HTTP/1.1" 403 277 0.037631<br>
2014-06-18 10:56:36.560 1706 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'project_id': u'services', 'user_id': u'nova', 'roles': [u'services']} process_request /usr/lib/python2.6/site-packages/keystone/middleware/core.py:281<br>
2014-06-18 10:56:36.563 1706 DEBUG keystone.common.wsgi [-] arg_dict: {'token_id': u'4dd244aee826e0ea0f1a27e7a9d42885'} __call__ /usr/lib/python2.6/site-packages/keystone/common/wsgi.py:181<br>
2014-06-18 10:56:36.563 1706 DEBUG keystone.common.controller [-] RBAC: Authorizing identity:validate_token(token_id=4dd244aee826e0ea0f1a27e7a9d42885) _build_policy_check_credentials /usr/lib/python2.6/site-packages/keystone/common/controller.py:54<br>
2014-06-18 10:56:36.564 1706 DEBUG keystone.common.controller [-] RBAC: using auth context from the request environment _build_policy_check_credentials /usr/lib/python2.6/site-packages/keystone/common/controller.py:59<br>
2014-06-18 10:56:36.564 1706 DEBUG keystone.policy.backends.rules [-] enforce identity:validate_token: {'project_id': u'services', 'user_id': u'nova', 'roles': [u'services']} enforce /usr/lib/python2.6/site-packages/keystone/policy/backends/rules.py:101<br>
2014-06-18 10:56:36.565 1706 DEBUG keystone.openstack.common.policy [-] Rule identity:validate_token will be now enforced enforce /usr/lib/python2.6/site-packages/keystone/openstack/common/policy.py:258<br>
<b><font color="#ff0000">2014-06-18 10:56:36.565 1706 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action, identity:validate_token.</font></b><br>
2014-06-18 10:56:36.566 1706 INFO eventlet.wsgi.server [-] 1.x.x.x - - [18/Jun/2014 10:56:36] "GET /v2.0/tokens/4dd244aee826e0ea0f1a27e7a9d42885 HTTP/1.1" 403 277 0.014182<br>
<br>
Thus, it is not letting me in on the WebUI.<br>
<br>
My keystone.conf LDAP configuration is:<br>
<br>
driver = keystone.identity.backends.ldap.Identity<br>
<br>
[ldap]<br>
query_scope = sub<br>
url = ldap://1.x.x.x<br>
user = CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local<br>
password = XXXXX<br>
suffix = dc=test,dc=local<br>
use_dumb_member = True<br>
dumb_member = CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local<br>
<br>
user_tree_dn = OU=iaas,OU=Other,DC=test,DC=local<br>
#user_objectclass = organizationalPerson<br>
user_objectclass = Person<br>
user_id_attribute = cn<br>
user_name_attribute = sAMAccountName<br>
user_mail_attribute = mail<br>
user_enabled_attribute = userAccountControl<br>
user_enabled_mask = 2<br>
user_enabled_default = 512<br>
user_attribute_ignore = password,tenant_id,tenants<br>
user_allow_create = True<br>
user_allow_update = True<br>
user_allow_delete = True<br>
<br>
tenant_tree_dn = OU=Tenants,OU=iaas,OU=Other,DC=test,DC=local<br>
tenant_objectclass = organizationalUnit<br>
tenant_id_attribute = ou<br>
tenant_member_attribute = member<br>
tenant_name_attribute = ou<br>
tenant_desc_attribute = description<br>
tenant_enabled_attribute = extensionName<br>
tenant_attribute_ignore = description,businessCategory,extensionName<br>
tenant_allow_create = True<br>
tenant_allow_update = True<br>
tenant_allow_delete = True<br>
<br>
role_tree_dn = OU=Roles,OU=iaas,OU=Other,DC=test,DC=local<br>
#role_tree_dn = CN=admin,OU=Services,OU=Roles,OU=iaas,OU=Other,DC=test,DC=local<br>
role_objectclass = organizationalRole<br>
role_id_attribute = cn<br>
role_name_attribute = cn<br>
role_member_attribute = roleOccupant<br>
role_allow_create = True<br>
role_allow_update = True<br>
role_allow_delete = True<br>
<br>
<br>
Any pointers?<br>
<br>
<br>
Tarkan<br>
<br>
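An added example, not part of the original post and not Keystone code: a Python audit of log lines like those above that pairs each policy denial with the roles in the preceding RBAC auth_context, and flags simple binds made over ldap:// with use_tls=False, where the bind DN and password cross the network unencrypted. The function name and report layout are assumptions; SAMPLE_LOG is an abridged copy of lines from the post.<br>

```python
import ast
import re

# Abridged copy of lines from the keystone.log excerpt in the post above.
SAMPLE_LOG = """\
2014-06-18 10:56:35.065 1706 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://1.x.x.x __init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:491
2014-06-18 10:56:35.066 1706 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False
tls_cacertfile=None
tls_cacertdir=None
tls_req_cert=2
tls_avail=1
__init__ /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:501
2014-06-18 10:56:35.069 1706 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=CN=openstack-user,OU=iaas,OU=Other,DC=test,DC=local simple_bind_s /usr/lib/python2.6/site-packages/keystone/common/ldap/core.py:561
2014-06-18 10:56:36.520 1706 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'project_id': u'services', 'user_id': u'nova', 'roles': [u'services']} process_request /usr/lib/python2.6/site-packages/keystone/middleware/core.py:281
2014-06-18 10:56:36.546 1706 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action, identity:validate_token.
"""

# "<timestamp> <pid> <LEVEL> <logger> [<request context>] <message>"
HEAD = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \d+ (\w+) \S+ \[[^\]]*\] (.*)$")
URL = re.compile(r"LDAP init: url=(\S+)")
TLS = re.compile(r"LDAP init: use_tls=(True|False)")
BIND = re.compile(r"LDAP bind: dn=(.+?) simple_bind_s")
CTX = re.compile(r"RBAC: auth_context: (\{[^{}]*\})")
DENY = re.compile(r"not authorized to perform the requested action, ([\w:]+)")


def audit_keystone_log(text):
    """Return cleartext LDAP binds and policy denials found in a debug log."""
    report = {"cleartext_binds": [], "denials": []}
    url = use_tls = ctx = None
    for raw in text.splitlines():
        head = HEAD.match(raw)
        if not head:
            continue  # continuation line of a multi-line record (tls_req_cert=2 ...)
        stamp, level, msg = head.groups()

        m = URL.search(msg)
        if m:
            # A new connection starts; its TLS setting is logged on the next record.
            url, use_tls = m.group(1), None
            continue
        m = TLS.search(msg)
        if m:
            use_tls = m.group(1) == "True"
            continue
        m = BIND.search(msg)
        if m:
            # ldaps:// or StartTLS (use_tls=True) protects the bind; plain ldap:// does not.
            if url and url.lower().startswith("ldap://") and use_tls is False:
                report["cleartext_binds"].append(
                    {"time": stamp, "url": url, "bind_dn": m.group(1)})
            continue
        m = CTX.search(msg)
        if m:
            # The context is logged as a Python 2 dict repr; literal_eval accepts u'' strings.
            try:
                ctx = ast.literal_eval(m.group(1))
            except (ValueError, SyntaxError):
                ctx = None
            continue
        m = DENY.search(msg)
        if m and level == "WARNING":
            seen = ctx or {}
            report["denials"].append({
                "time": stamp,
                "action": m.group(1),
                "user_id": seen.get("user_id"),
                "project_id": seen.get("project_id"),
                "roles": seen.get("roles"),
            })
    return report


if __name__ == "__main__":
    result = audit_keystone_log(SAMPLE_LOG)
    for bind in result["cleartext_binds"]:
        print("cleartext simple bind:", bind["bind_dn"], "via", bind["url"])
    for denial in result["denials"]:
        print("denied", denial["action"], "for user", denial["user_id"],
              "with roles", denial["roles"])
```

Comparing the reported roles with the rule for the denied action in /etc/keystone/policy.json shows which role the token would need.<br>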
</body>
</html>