openrc issue with keystone LDAP integration

Satish Patel satish.txt at gmail.com
Tue Nov 26 04:30:24 UTC 2019


I am running OpenStack Stein and a very strange issue is going on. Life
was good until today, when I finished my keystone + LDAP integration with
a multi-domain setup and all role assignments in SQL.

Today one of the users complained that his openrc isn't working
correctly. It looks like openrc doesn't like something about the LDAP
integration, but the same user can access everything from Horizon.

My LDAP domain is "eng" and here is my openrc file.


# COMMON OPENSTACK ENVS
export OS_ENDPOINT_TYPE=internalURL
export OS_INTERFACE=internalURL
export OS_USERNAME=spatel
export OS_PASSWORD='MyLDAPPassword123'
export OS_PROJECT_NAME=eng
export OS_TENANT_NAME=eng
export OS_AUTH_TYPE=password
export OS_AUTH_URL=http://172.28.16.9:5000/v3
export OS_NO_CACHE=1
export OS_USER_DOMAIN_NAME=eng
export OS_PROJECT_DOMAIN_NAME=eng
export OS_REGION_NAME=RegionOne

# For openstackclient
export OS_IDENTITY_API_VERSION=3
export OS_AUTH_VERSION=3

[root@openstack ~]# source spatel.rc
[root@openstack ~]# nova list
ERROR (Unauthorized): The request you have made requires
authentication. (HTTP 401) (Request-ID:
req-5877deee-b8be-4b21-9ff6-855ae43e268e)

But if I take the same openrc file and put the "admin" account and
"default" domain in it, then it works, so I don't know why it doesn't
like LDAP creds?


