[Openstack] Problems with OpenStack and LDAP

Ivan Derbenev ivan.derbenev at tech-corps.com
Mon Aug 17 08:35:05 UTC 2015

You need to create service users in ldap
ADMIN_TOKEN should work for assigning roles

IT engineer
Farheap, Russia
Ivan Derbenev

-----Original Message-----
From: Marc Pape [mailto:marc.pape at gmail.com] 
Sent: Monday, August 17, 2015 10:32 AM
To: openstack at lists.openstack.org
Subject: [Openstack] Problems with OpenStack and LDAP

Hello everybody,

i've got some problems with our OpenStack (Juno) and the Integrate Identity Service over LDAP.
The LDAP connection is read only, so i configured the [identity], [ldap] and [assignment] parts in keystone conf.
The identity part use "driver =
keystone.identity.backends.ldap.Identity" and assignment "driver = keystone.assignment.backends.sql.Assignment"
Our goal is a user authentication via LDAP and project assignment in the internal SQL . It would be great if the service users of OpenStack are also stored in SQL, but they are also currently in the LDAP deposited.
After restarting the Keystone Service authentication via LDAP is possible. The user get the message that no projects assigned to him.
Now there are wto problems. How can you log in as admin to assign projects and keystone said that it couldn't find the service user like ceilometer, neutron and so on.
I've followed the instructions on docs.openstack.org for Identity management, but i didn't find any notices about that problems.

Many greetings and thanks for a possible answer


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

More information about the Openstack mailing list