[Openstack-operators] How to manage keystone identity service with ldap backend

Verga Emanuele verga.emanuele at gmail.com
Thu Jul 12 08:32:50 UTC 2012

Hi everyone,

I'm currently trying to implent a test configuration of keystone using ldap
as backend.
I've configured everything following  those instructions (
but if I try to create a new tenant named service (keystone tenant-create
--name service )the creation fails and I get the following error:

An unexpected error prevented the server from fulfilling your request.
{'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute
type'} (HTTP 500)
Other keystone client commands fail too.

According to this post (
custom ldap schema should be required.

What I'm not sure about is if this is expected behavior (I.E. Does the
keystone client only works with a SQL backend?) or do I have some error in
my implementation?
Also, if the keystone client only works with an SQL backend how should I
manage users, roles, tenants etc?

Thanks in advance for the help

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20120712/da094c57/attachment.html>

More information about the Openstack-operators mailing list