[Openstack] Havana / LDAP(AD) / You are not authorized for any projects.

ethan at 757.org ethan at 757.org
Tue Nov 18 22:37:24 UTC 2014 

After difficulty and downtime spent with Icehouse we rolled back to 
Havana as we had a once-working config that was integrated with our Active 
Directory server.

Everything was rebuilt, and things work fine with the exception of LDAP, 
again.

I'm fairly confident the system is passing the username/password 
validation part, but fails with a "You are not authorized for any 
projects."

I've read pretty much every page on the internet related to LDAP and 
OpenStack over the past week, and do know there is notes about this error 
on the earlier Grizzly version but they were corrected by the time Havana 
was deployed here.

When a valid account is supplied, the front Web end replies with a "You 
are not authorized for any projects."

In the database tables, the user is assigned to the admin project. The 
admin project under_project_metadata table has two user IDs assigned to it 
including the account I'm trying to use.

On the LDAP side there are accounts for all of the services, but I am not 
sure if the tokens are making it through.

The setup has the ldap driver enabled for identity and sql driver enabled 
for Assignment and Catalog.


Any help is greatly appreciated. My coworkers went to the redhat openstack 
courses and such but I don't' believe the LDAP stuff was covered and this 
seems more like a bug. I really wish I had saved a copy of the LDAP 
core.py module from the working install so I could narrow down when in 
time the code was from :-(

The logging in Icehouse is of course improved over Havana:


2014-11-18 22:15:40.573 17771 WARNING keystone.common.wsgi [-] 
Authorization failed. The request you have made requires authentication. 
from 10.100.x.x
2014-11-18 22:16:06.848 17771 WARNING keystone.common.wsgi [-] 
Authorization failed. The request you have made requires authentication. 
from 10.100.x.x
2014-11-18 22:18:21.515 17771 WARNING keystone.common.wsgi [-] 
Authorization failed. The request you have made requires authentication. 
from 10.100.x.x
2014-11-18 22:18:32.477 17771 WARNING keystone.common.wsgi [-] 
Authorization failed. The request you have made requires authentication. 
from 10.100.x.x

More information about the Openstack mailing list