(Openstack-Keystone) Regarding Authentication issue of one user while logging in to OpenStack using AD password

Eugen Block eblock at nde.ag
Tue Nov 8 14:37:20 UTC 2022


That table is populated by keystone, I'm not sure if modifying the  
database is the right approach here. If you check

control01:~ # openstack user list --long --domain <DOMAIN>

you should see the affected (non-local) user there, correct? I'm not  
sure if it's a good idea and what the consequences would be if you  
tried to delete the user with the openstack cli. Depending on the  
configs keystone could actually delete it from the AD backend, but as  
I said, I'm not sure what will happen, so be careful. Just to compare,  
what do your keystone configs look like, especially these two sections:

[assignment]
[identity]

We use LDAP as backend for non-local users (but I'm not an admin) so  
it should be a similar setup. Our identity section looks like this:

[identity]
domain_specific_drivers_enabled = true
domain_configurations_from_database = true
driver = sql

and this is the assignment section:

[assignment]
driver = sql

Do you know any history with this specific user why it stopped working?


Quoting Adivya Singh <adivya1.singh at gmail.com>:

> hi Eugen,
>
> I checked and I did not find a duplicate entry from the AD side.
>
> What I tried was to delete all the resources which are with the user, and
> delete the project id and re-register the user again, but it does not work.
>
> Also I tried to delete the project for the user id, and tried to log in with
> that user name, but got the same error.
>
> What I found is there is still an entry in the Keystone database, in a
> non_user local table for the user.
>
> Can I manually delete it from the database, or is there any way from
> OpenStack to delete a non_local user?
>
> Regards
> Adivya Singh
>
> On Mon, Nov 7, 2022 at 8:16 PM Adivya Singh <adivya1.singh at gmail.com> wrote:
>
>> Ok, I will check.
>>
>> On Sat, Nov 5, 2022 at 12:33 AM Eugen Block <eblock at nde.ag> wrote:
>>
>>> I know nothing about AD, I’m afraid. But where exactly do you see that
>>> message? Is it in keystone or AD? Anyway, you seem to have a duplicate
>>> entry (somewhere), so check the keystone database and the AD entries
>>> and compare (with working users).
>>>
>>> Quoting Adivya Singh <adivya1.singh at gmail.com>:
>>>
>>> > Hi Eugen,
>>> >
>>> > I see the below error while authenticating
>>> > Conflict occurred attempting to store nonlocal_user - Duplicate entry found
>>> > with name <userid> at domain ID
>>> >
>>> > How can we fix this?
>>> >
>>> > Regards
>>> > Adivya Singh
>>> >
>>> > On Fri, Nov 4, 2022 at 6:13 PM Adivya Singh <adivya1.singh at gmail.com> wrote:
>>> >
>>> >> Hi Eugen,
>>> >>
>>> >> All the users use AD-based authentication, but only this user is facing
>>> >> a problem.
>>> >> Trying to find out from the AD team what happened all of a sudden for
>>> >> this user.
>>> >>
>>> >> Regards
>>> >> Adivya Singh
>>> >>
>>> >> R
>>> >>
>>> >>
>>> >> On Fri, Nov 4, 2022 at 2:06 PM Eugen Block <eblock at nde.ag> wrote:
>>> >>
>>> >>> I assume this isn't the only user trying to login from AD, correct?
>>> >>> Then compare the properties/settings between a working and the
>>> >>> non-working user, you should probably find something. Also enable
>>> >>> debug logs in keystone to find more details. And by "all of a sudden"
>>> >>> you mean that it worked before? So what changed between then and now?
>>> >>>
>>> >>> Quoting Adivya Singh <adivya1.singh at gmail.com>:
>>> >>>
>>> >>> > Hi Team,
>>> >>> >
>>> >>> > There is one issue, where a user is getting "Authenticated Failure"
>>> >>> > all of a sudden, and this user is the only user who is facing this
>>> >>> > problem.
>>> >>> >
>>> >>> > I tried to disable and enable the project id, checked the logs but did
>>> >>> > not find anything related to Keystone authentication.
>>> >>> >
>>> >>> > Deleted the project id and created it again, results are the same. Any
>>> >>> > insights on what more I can do to fix this issue?
>>> >>> >
>>> >>> > Regards
>>> >>> > Adivya Singh
>>>
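
A read-only way to do the comparison suggested in this thread (keystone database entries of the failing user against working users), as an added example that is not part of the original messages. It assumes keystone's `nonlocal_user` (domain_id, name, user_id) and `id_mapping` (public_id, domain_id, local_id, entity_type) tables and that the LDAP user ID attribute equals the user name; the rows are constructed and loaded into an in-memory SQLite database.

```python
import sqlite3

# Constructed subset of the keystone schema (column names are an assumption).
SCHEMA = """
CREATE TABLE nonlocal_user (domain_id TEXT, name TEXT, user_id TEXT UNIQUE,
                            PRIMARY KEY (domain_id, name));
CREATE TABLE id_mapping (public_id TEXT PRIMARY KEY, domain_id TEXT,
                         local_id TEXT, entity_type TEXT);
"""

# Constructed sample rows: "alice" is consistent, "bob" has a nonlocal_user
# row whose user_id no longer matches any id_mapping entry.
SAMPLE = """
INSERT INTO nonlocal_user VALUES ('d1', 'alice', 'pub-alice');
INSERT INTO nonlocal_user VALUES ('d1', 'bob', 'pub-bob-old');
INSERT INTO id_mapping VALUES ('pub-alice', 'd1', 'alice', 'user');
INSERT INTO id_mapping VALUES ('pub-bob-new', 'd1', 'bob', 'user');
"""

# SELECT only: nonlocal_user rows that have no id_mapping row for their
# user_id, plus the public_id currently mapped for the same domain and name.
QUERY = """
SELECT n.domain_id, n.name, n.user_id AS stored_id, cur.public_id AS mapped_id
FROM nonlocal_user AS n
LEFT JOIN id_mapping AS own ON own.public_id = n.user_id
LEFT JOIN id_mapping AS cur ON cur.domain_id = n.domain_id
     AND cur.local_id = n.name AND cur.entity_type = 'user'
WHERE own.public_id IS NULL
ORDER BY n.domain_id, n.name
"""

def build_sample_db():
    """Create the in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

def inconsistent_nonlocal_users(conn):
    """Return (domain_id, name, stored_id, mapped_id) for mismatched rows."""
    return conn.execute(QUERY).fetchall()

if __name__ == "__main__":
    for row in inconsistent_nonlocal_users(build_sample_db()):
        print(row)
```

The query modifies nothing, so it can be tried against a copy of the keystone database before deciding whether any row needs to be removed.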





