[Openstack-operators] How to manage keystone identity service with ldap backend

Joseph Heck heckj at mac.com
Thu Jul 12 15:45:22 UTC 2012

Hey Emanuele - 

First thing to undertstand the bug is to look at the logging and see what's getting reported as the issue. By default, Keystone logs to /var/log/keystone/keystone.log, but can be modified based on whatever you've set up in your keystone.conf.

I don't personally use the LDAP backend to Keystone, but I have significant faith that it works based on Adam's work in developing it.


On Jul 12, 2012, at 1:32 AM, Verga Emanuele wrote:
> Hi everyone,
> I'm currently trying to implent a test configuration of keystone using ldap as backend.
> I've configured everything following  those instructions (http://docs.openstack.org/developer/keystone/configuration.html#configuring-the-ldap-identity-provider), but if I try to create a new tenant named service (keystone tenant-create --name service )the creation fails and I get the following error:
> An unexpected error prevented the server from fulfilling your request. {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'} (HTTP 500)
> Other keystone client commands fail too.
> According to this post (http://www.gossamer-threads.com/lists/openstack/dev/12444?do=post_view_threaded)no custom ldap schema should be required.
> What I'm not sure about is if this is expected behavior (I.E. Does the keystone client only works with a SQL backend?) or do I have some error in my implementation?
> Also, if the keystone client only works with an SQL backend how should I manage users, roles, tenants etc?
> Thanks in advance for the help
> Emanuele
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20120712/f7f33d02/attachment.html>

More information about the Openstack-operators mailing list