Check out my blog for full deployment of LDAP - https://satishdotpatel.github.io/openstack-ldap-integration/
On Thu, Feb 4, 2021 at 10:35 AM Midhunlal Nb <midhunlaln66@gmail.com> wrote:
Hi Satish, once you are free, please reply to my doubts. I believe that I can solve this issue with your solution.
Thanks & Regards Midhunlal N B +918921245637
On Thu, Feb 4, 2021 at 8:14 PM Midhunlal Nb <midhunlaln66@gmail.com> wrote:
Hi Satish, I have some doubts about your configuration.
1. In keystone, I need to create the "domains" directory and the "keystone.myldapdomain.conf" file, right?
2. In the [ldap] section:
url = ldap://192.168.x.xx
user = cn=admin,dc=blr,dc=ind,dc=company,dc=com
password = xxxxx
suffix = dc=company,dc=com
Do I need to add these or not? If not, how does OpenStack connect to my LDAP? Please reply.
Thanks & Regards Midhunlal N B +918921245637
On Thu, Feb 4, 2021 at 7:58 PM Satish Patel <satish.txt@gmail.com> wrote:
This is what I have:
In /etc/keystone/keystone.conf
[identity]
driver = sql
domain_config_dir = /etc/keystone/domains
domain_specific_drivers_enabled = True
In /etc/keystone/domains/keystone.myldapdomain.conf
[identity]
driver = ldap
[ldap]
group_allow_create = False
group_allow_delete = False
group_allow_update = False
group_id_attribute = cn
... ... ... <<omitted>>
On Thu, Feb 4, 2021 at 9:10 AM Midhunlal Nb <midhunlaln66@gmail.com> wrote:
Hi Satish, thank you so much for your response! Here I am pasting the LDAP configuration that I have done in keystone.conf. Please check and let me know what changes I need to make. Also, please tell me what new entries I need to add in LDAP. I have been struggling with this issue for the last 2 months, please help me.
1. [identity]
driver = ldap
2. [ldap]
url = ldap://192.168.x.xx
user = cn=admin,dc=blr,dc=ind,dc=company,dc=com
password = xxxxx
suffix = dc=company,dc=com
query_scope = sub
page_size = 2000
alias_dereferencing = default
#chase_referrals = false
chase_referrals = false
debug_level = 0
use_pool = true
pool_size = 10
pool_retry_max = 3
pool_retry_delay = 0.1
pool_connection_timeout = -1
pool_connection_lifetime = 600
use_auth_pool = false
auth_pool_size = 100
auth_pool_connection_lifetime = 60
user_id_attribute = cn
user_name_attribute = sn
user_mail_attribute = mail
user_pass_attribute = userPassword
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_invert = false
user_enabled_default = 512
user_default_project_id_attribute =
user_additional_attribute_mapping =
group_id_attribute = cn
group_name_attribute = ou
group_member_attribute = member
group_desc_attribute = description
group_additional_attribute_mapping =
user_tree_dn = ou=people,dc=blr,dc=ind,dc=company,dc=com
user_objectclass = inetOrgPerson
group_tree_dn = ou=group,dc=blr,dc=ind,dc=company,dc=com
group_objectclass = organizationalUnit
This is the configuration I have in my keystone.conf file for ldap integration.
Thanks & Regards Midhunlal N B +918921245637
On Thu, Feb 4, 2021 at 7:10 PM Satish Patel <satish.txt@gmail.com> wrote:
By default, all group/role/project/user information is in SQL, but when you say use LDAP then it's trying to find that information in LDAP. Do you have all that information in LDAP? (Assuming not, that is why you are getting that error.)
You should tell your OpenStack to use LDAP only for authentication of user information and look for the remaining roles/projects etc. in SQL. That is what I'm running in my cloud and everything works.
Full LDAP integration is a little complicated, which is why I picked the partial method.
On Feb 4, 2021, at 7:16 AM, Midhunlal Nb <midhunlaln66@gmail.com> wrote:
Hi all,
Before LDAP integration OpenStack was working properly, but if I set "driver = ldap" in keystone.conf under the [identity] section nothing works for me. I am not able to run any openstack command and also not able to create any project, domain or user. If I remove the "driver = ldap" entry everything goes back to working normally. Please help me with this issue.
If I run the admin-openrc file I get the error below:
root@controller:~/client-scripts# openstack image list
The request you have made requires authentication. (HTTP 401) (Request-ID: req-bdcde4be-5b62-4454-9084-19324603d0ce)
Please help me. Where am I making mistakes?
Thanks & Regards Midhunlal N B +918921245637
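Added example, not part of the thread and not Keystone's own code: a Python check for the layout Satish describes (SQL as the default identity driver in keystone.conf, LDAP only in a per-domain file), which also flags a bind password sent over plain ldap://. The function name `audit` and the sample configs are assumptions constructed from the settings quoted above; `use_tls` is Keystone's TLS option in the [ldap] section.

```python
import configparser

# Constructed samples modelled on the settings quoted in this thread.
MAIN_BROKEN = "[identity]\ndriver = ldap\n"
MAIN_SPLIT = """[identity]
driver = sql
domain_config_dir = /etc/keystone/domains
domain_specific_drivers_enabled = True
"""
DOMAIN_LDAP = """[identity]
driver = ldap
[ldap]
url = ldap://192.168.x.xx
user = cn=admin,dc=blr,dc=ind,dc=company,dc=com
password = xxxxx
"""

def _parse(text):
    # strict=False tolerates repeated keys; no interpolation so '%' in a password is safe
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp

def audit(main_text, domain_files):
    """Return findings; domain_files maps file name -> file contents."""
    findings = []
    main = _parse(main_text)
    if main.get("identity", "driver", fallback="sql").lower() == "ldap":
        findings.append("main: default identity driver is ldap, so admin and "
                        "service users are looked up in LDAP too")
    enabled = main.get("identity", "domain_specific_drivers_enabled", fallback="false")
    if domain_files and enabled.lower() != "true":
        findings.append("main: domain_specific_drivers_enabled is not True")
    for name, text in domain_files.items():
        if not (name.startswith("keystone.") and name.endswith(".conf")):
            findings.append(f"{name}: expected keystone.<domain>.conf")
        dom = _parse(text)
        if dom.get("identity", "driver", fallback="").lower() != "ldap":
            findings.append(f"{name}: [identity] driver is not ldap")
        url = dom.get("ldap", "url", fallback="")
        tls = dom.get("ldap", "use_tls", fallback="false").lower() == "true"
        if url.startswith("ldap://") and not tls:
            findings.append(f"{name}: bind password travels over cleartext ldap://")
    return findings

if __name__ == "__main__":
    for f in audit(MAIN_SPLIT, {"keystone.myldapdomain.conf": DOMAIN_LDAP}):
        print(f)
```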