[openstack-dev] Is Havana keystone rpm actually splitting identity and assignment?

Adam Young ayoung at redhat.com
Fri Nov 15 23:01:27 UTC 2013


On 11/15/2013 11:15 AM, Ben Nemec wrote:
>
> This list is for development discussion only.  Since this sounds like 
> a question specific to RHEL, might I suggest you ask it on 
> http://openstack.redhat.com/forum/ ?
>

Nah, this is legit.

> Thanks.
>
> -Ben
>
> On 2013-11-15 10:13, Abhishek Lahiri wrote:
>
>>
>>     I have installed openstack-keystone-2013.2-0.11.b3.el6.noarch rpm
>>     and I added a active directory user "test123" with role admin and
>>     tenant admin successfully. In Keystone.conf identity is pointed
>>     to ldap and assignment  is pointed to SQL. I sourced keystonerc
>>     file with the correct credentials for user test123 and then
>>     trying to run a keystone commands.
>>     However when I run keystone get-token if gives me the following
>>     error:
>>     Authorization Failed: An unexpected error prevented the server
>>     from fulfilling your request. {'info': '000020D6: SvcErr:
>>     DSID-031007DB, problem 5012 (DIR_ERROR), data 0\n', 'desc':
>>     'Operations error'} (HTTP 500)
>>
So, yes, if you do not explicitly supply the assignements backend, and 
the frontend is specified to be LDAP, we assume the assignments backend 
is LDAP as well.   The reason is to avoid breaking backwards compat for 
people that already have LDAP working under Grizzly and are upgrading.


>>     I am not sure why keystone is still looking at the Active
>>     Directory for authorization?
>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org  <mailto:OpenStack-dev at lists.openstack.org>
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131115/3dbcfc38/attachment.html>


More information about the OpenStack-dev mailing list