[Openstack] How to configure Keystone with open LDAP + horizon on grizzly

yasith tharindu yasithucsc at gmail.com
Mon May 20 05:54:01 UTC 2013


The question is posted on the OpenStack Ask page.
https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/

Error

2013-05-19 15:21:23    ERROR [root] 'domain_id'
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 82, in authenticate
    core.validate_auth_info(self, context, user_ref, tenant_ref)
  File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in validate_auth_info
    user_ref['domain_id'])
KeyError: 'domain_id'

2013-05-19 15:21:23    DEBUG [keystone.common.wsgi] {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'domain_id'", "code": 500, "title": "Internal Server Error"}}

Keystone config

==========================================================================
url = ldap://192.168.1.111
user = cn=admin,dc=example,dc=com
password = secret
suffix = cn=example,cn=com
use_dumb_member = False
tree_dn = dc=example,dc=com

user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = sn
user_pass_attribute = userPassword
user_allow_create = True
user_allow_update = True
user_enabled_attribute = enabled
user_enabled_default = True
user_domain_id_attribute = None

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_domain_id_attribute = None
tenant_allow_create = True
tenant_allow_update = True


role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = groupOfNames
role_member_attribute = member
role_id_attribute = cn
role_name_attribute = ou
role_allow_create = True
role_allow_update = True


==============================================

The LDAP config is as follows.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example


dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: c2VjcmV0



dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit


dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit


dn: ou=Tenants,dc=example,dc=com
ou: tenants
objectClass: organizationalUnit



dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: demo@example.com
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: c2VjcmV0


dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Role
member: cn=demo,ou=Users,dc=example,dc=com


dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

I would really appreciate your help.