[Openstack] [Keystone] Creating tenant failed when using ldap as identity backend: 'attribute type undefined'

Adam Young ayoung at redhat.com
Thu Sep 6 13:45:34 UTC 2012


Interesting.  We have this outstanding bug report 
https://code.launchpad.net/bugs/980085

I would appreciate it if you could add what you found to the bug report.




On 09/06/2012 03:50 AM, Yanping Xie wrote:
> Hi, All
>     I have resolved this problem by adding the 'enabled' attribute to 
> class groupOfNames of the ldap schema, thanks all the same.
>
> *attributetype ( 2.5.4.66 NAME 'enabled'*
> *        DESC 'RFC2256: enabled of a group'*
> *        EQUALITY booleanMatch*
> *        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7*
> *        SINGLE-VALUE )*
>
> objectclass ( 2.5.6.9 NAME 'groupOfNames'
>         DESC 'RFC2256: a group of names (DNs)'
>         SUP top STRUCTURAL
>         MUST ( member $ cn )
>         MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ 
> description $ *enabled *) )
>
> 2012/9/5 Yanping Xie <irsxyp at gmail.com>
>
>     Hi, all
>
>     I am trying to set up keystone to use ldap as backend, but failed
>     on creating the first tenant.
>
>     # keystone tenant-create --name=admin
>     An unexpected error prevented the server from fulfilling your
>     request. {'info': 'enabled: attribute type undefined', 'desc':
>     'Undefined attribute type'} (HTTP 500)
>
>
>     Here is my keystone config about ldap (snippets from keystone.log):
>     ------------------------------------------------------
>     ldap.tenant_member_attribute   = member
>     ldap.tenant_name_attribute     = ou
>     ldap.tenant_objectclass        = groupOfNames
>     ldap.tenant_tree_dn            = ou=Group,dc=example,dc=com
>     ldap.url                       = ldap://182.xxx.29.250
>     ldap.use_dumb_member           = False
>     ldap.user                      = cn=Manager,dc=example,dc=com
>     ldap.user_id_attribute         = cn
>     ldap.user_name_attribute       = sn
>     ldap.user_objectclass          = inetOrgPerson
>     ldap.user_tree_dn              = ou=User,dc=example,dc=com
>     ------------------------------------------------------
>
>     Ldap server migration file to initialize ldap:
>     ------------------------------------------------------
>     dn: dc=example,dc=com
>     objectClass: dcObject
>     objectClass: organization
>     dc: example
>     o: The Example Corporation
>
>     dn: ou=Group,dc=example,dc=com
>     ou: Group
>     objectClass: top
>     objectClass: organizationalUnit
>
>     dn: ou=User,dc=example,dc=com
>     ou: User
>     objectClass: top
>     objectClass: organizationalUnit
>
>     dn: ou=Role,dc=example,dc=com
>     objectClass: top
>     objectClass: organizationalUnit
>     ------------------------------------------------------
>
>     Related keystone log is as follows:
>     ------------------------------------------------------
>     2012-09-05 18:45:33    DEBUG [keystone.common.ldap.core] LDAP
>     init: url=ldap://182.xxx.29.250
>     2012-09-05 18:45:33    DEBUG [keystone.common.ldap.core] LDAP
>     bind: dn=cn=Manager,dc=example,dc=com
>     2012-09-05 18:45:33    DEBUG [keystone.common.ldap.core] LDAP add:
>     dn=cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com,
>     attrs=[('objectClass', ['groupOfNames']), (
>     'enabled', ['TRUE']), ('ou', ['admin']), ('member',
>     ['cn=dumb,dc=nonexistent'])]
>     2012-09-05 18:45:33    ERROR [root] {'info': 'enabled: attribute
>     type undefined', 'desc': 'Undefined attribute type'}
>     Traceback (most recent call last):
>       File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py",
>     line 204, in __call__
>         result = method(context, **params)
>       File
>     "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line
>     397, in create_tenant
>         context, tenant_ref['id'], tenant_ref)
>       File
>     "/usr/lib/python2.6/site-packages/keystone/common/manager.py",
>     line 47, in _wrapper
>         return f(*args, **kw)
>       File
>     "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py",
>     line 208, in create_tenant
>         return self.tenant.create(tenant)
>       File
>     "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py",
>     line 492, in create
>         return super(TenantApi, self).create(data)
>       File
>     "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py",
>     line 179, in create
>         conn.add_s(self._id_to_dn(values['id']), attrs)
>       File
>     "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py",
>     line 310, in add_s
>         return self.conn.add_s(dn, ldap_attrs)
>       File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py",
>     line 194, in add_s
>         return self.result(msgid,all=1,timeout=self.timeout)
>       File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py",
>     line 436, in result
>         res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
>       File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py",
>     line 440, in result2
>         res_type, res_data, res_msgid, srv_ctrls =
>     self.result3(msgid,all,timeout)
>       File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py",
>     line 446, in result3
>         ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
>       File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py",
>     line 96, in _ldap_call
>         result = func(*args,**kwargs)
>     *UNDEFINED_TYPE: {'info': 'enabled: attribute type undefined',
>     'desc': 'Undefined attribute type'}*
>     ------------------------------------------------------
>
>     And the ldap server log is as follows:
>     ------------------------------------------------------
>     Sep  5 18:45:33 ldaps slapd[7946]: conn=1011 op=1 ADD
>     dn="cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com"
>     Sep  5 18:45:33 ldaps slapd[7946]: send_ldap_result: conn=1011
>     op=1 p=3
>     Sep  5 18:45:33 ldaps slapd[7946]: send_ldap_result: err=17
>     matched="" text="enabled: attribute type undefined"
>     Sep  5 18:45:33 ldaps slapd[7946]: send_ldap_response: msgid=2
>     tag=105 err=17
>     *Sep  5 18:45:33 ldaps slapd[7946]: conn=1011 op=1 RESULT tag=105
>     err=17 text=enabled: attribute type undefined*
>     ------------------------------------------------------
>
>
>     This problem has been making me crazy for quite a while. Can anyone help me
>     out? Really appreciate your help.
>
>     Best Regards.
>
>     Yanping
>
>
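
The failure and the fix discussed in this thread, as an added example (not code from Keystone, OpenLDAP or either poster): a pre-flight check that parses the schema definitions quoted above and reports which LDAP result code the add from the Keystone log would be expected to get. CORE_ATTRS and the function names are assumptions made for the illustration, and SUP inheritance is not resolved.

```python
import re

# Core-schema attribute types assumed already defined (constructed list).
CORE_ATTRS = {"objectclass", "cn", "member", "ou", "o", "owner", "seealso",
              "businesscategory", "description"}
# Definitions as quoted in the thread (emphasis asterisks dropped).
ATTR_DEF = """attributetype ( 2.5.4.66 NAME 'enabled'
        DESC 'RFC2256: enabled of a group'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )
"""
GROUP_ORIG = """objectclass ( 2.5.6.9 NAME 'groupOfNames'
        DESC 'RFC2256: a group of names (DNs)'
        SUP top STRUCTURAL
        MUST ( member $ cn )
        MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
"""
GROUP_FIXED = GROUP_ORIG.replace("description )", "description $ enabled )")
ADD_ATTRS = ["objectClass", "enabled", "ou", "member"]  # from the "LDAP add" log line

def _names(defn, keyword):
    """Names after KEYWORD: either a single name or a '( a $ b )' list."""
    defn = re.sub(r"DESC\s+'[^']*'", "", defn)  # DESC text may contain parens
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|(\S+))" % keyword, defn)
    raw = (m.group(1) or m.group(2) or "") if m else ""
    return [n.strip("'").lower() for n in re.split(r"[\s$]+", raw) if n.strip("'")]

def load_schema(text):
    """Return (defined attribute types, {objectclass: allowed attributes})."""
    known, classes = set(CORE_ATTRS), {}
    pat = r"(?msi)^(attributetype|objectclass)\s*\((.*?)(?=^(?:attributetype|objectclass)\b|\Z)"
    for kind, body in re.findall(pat, text):
        if kind.lower() == "attributetype":
            known.update(_names(body, "NAME"))
        else:
            allowed = set(_names(body, "MUST") + _names(body, "MAY")) | {"objectclass"}
            classes.update((n, allowed) for n in _names(body, "NAME"))
    return known, classes

def check_add(schema_text, objectclass, attrs):
    """Return (LDAP result code, text) the add would be expected to get."""
    known, classes = load_schema(schema_text)
    for a in attrs:  # 17 = undefinedAttributeType, checked before class rules
        if a.lower() not in known:
            return 17, "%s: attribute type undefined" % a
    for a in attrs:  # 65 = objectClassViolation
        if a.lower() not in classes[objectclass.lower()]:
            return 65, "attribute '%s' not allowed" % a
    return 0, ""
```

Running check_add over GROUP_ORIG, then ATTR_DEF + GROUP_ORIG, then ATTR_DEF + GROUP_FIXED shows why both halves of the schema change are needed: defining the attribute type alone only moves the failure from code 17 to code 65.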
