Folks,
I am running the 2023.1 release of OpenStack using kolla-ansible. I have integrated it with LDAP and everything works fine. But today, when I created application credentials and used them to access the OpenStack API, I got all kinds of strange auth errors.
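#!/usr/bin/env bash
# OpenStack client environment for application-credential authentication.
# Source this file so the exports land in the calling shell.
#
# NOTE(review): variables left over from a password-based rc file
# (OS_USERNAME, OS_PROJECT_NAME, ...) are not cleared here. Confirm the shell
# is clean before testing, since stale values can be sent with the request.
export OS_AUTH_TYPE=v3applicationcredential
# The URL must sit on the same line as the variable name; a wrapped line
# leaves OS_AUTH_URL empty and turns the URL into a separate command.
export OS_AUTH_URL=https://openstack-eng.example.com:5000
export OS_IDENTITY_API_VERSION=3
export OS_REGION_NAME="eng"
export OS_INTERFACE=public
export OS_APPLICATION_CREDENTIAL_ID=ee17300916b1401f912f6140ce9cd642
# The secret authenticates on its own, without the user's LDAP password.
# Keep this file readable by its owner only (chmod 600) and out of version
# control, and delete the application credential if the secret leaks.
export OS_APPLICATION_CREDENTIAL_SECRET=XXXXXXXXX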
What is wrong here? I have one more OpenStack setup that is not using LDAP, and in that cloud application creds are working fine.
# cat /etc/keystone/keystone.conf
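# keystone.conf from a kolla-ansible deployment. Values shown as "hiding..."
# were redacted by the poster. The database URL and the memcached server list
# had been broken across lines in the paste and are each on one line again.
[DEFAULT]
# Setting debug = True temporarily gives more detail in log_file about why an
# authentication request was rejected. Leave insecure_debug off: it returns
# failure details to the client instead of only logging them.
debug = False
# Redacted; a transport_url carries the message-bus username and password.
transport_url = hiding....
log_file = /var/log/kolla/keystone/keystone.log
use_stderr = True

[oslo_middleware]
# Keystone takes scheme/host from proxy-set forwarding headers.
# NOTE(review): only safe when the API is reachable solely through the
# trusted proxy - confirm.
enable_proxy_headers_parsing = True

[database]
# Password portion redacted by the poster.
connection = mysql+pymysql://keystone:hiding...@openstack-eng.example.com:3306/keystone
# seconds
connection_recycle_time = 10
max_pool_size = 1
# -1 = retry the database connection indefinitely
max_retries = -1

[identity]
# Per-domain identity backends are read from keystone.<domain>.conf files in
# domain_config_dir; domains without such a file use the default driver.
domain_specific_drivers_enabled = true
domain_config_dir = /etc/keystone/domains

[token]
revoke_by_id = False
provider = fernet
# seconds (24 h)
expiration = 86400
# seconds (48 h) during which an already-expired token can still be retrieved
allow_expired_window = 172800

[fernet_tokens]
# upper bound on keys kept in the fernet key repository during rotation
max_active_keys = 3

[cache]
backend = oslo_cache.memcache_pool
enabled = True
# NOTE(review): identity data is cached on these hosts; presumably they are
# reachable from the internal API network only - confirm.
memcache_servers = 10.0.25.201:11211,10.0.25.202:11211,10.0.25.203:11211

[oslo_messaging_notifications]
# Password and host portion redacted by the poster.
transport_url = rabbit://openstack:hiding....
# noop = no notifications are emitted
driver = noop

[oslo_messaging_rabbit]
heartbeat_in_pthread = True
amqp_durable_queues = true
rabbit_quorum_queue = true
kombu_reconnect_delay = 0.5
rabbit_transient_queues_ttl = 60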
# cat /etc/keystone/domains/keystone.eng.conf
# Ansible managed
# Domain-specific identity settings; going by the keystone.<domain>.conf
# naming convention this file applies to the "eng" domain.
[identity]
# Users and groups of this domain are looked up in LDAP.
driver = ldap
[ldap]
# Bitmask for LDAP call tracing; 0 disables it.
# NOTE(review): 4095 is very verbose and may put directory query details in
# the logs - lower it once troubleshooting is done.
debug_level = 4095
# NOTE(review): presumably intended to keep keystone from writing groups to
# the directory; confirm this keystone release still honours these options.
group_allow_create = False
group_allow_delete = False
group_allow_update = False
# The group's cn is used as its identifier.
group_id_attribute = cn
# Remaining [ldap] settings were redacted by the poster.
hiding....
hiding....