[Openstack] Issue with multi domains and LDAP backend
Chris Card
ctcard at hotmail.com
Tue Feb 24 15:09:07 UTC 2015
I have keystone set up with domain-specific configuration, with one domain (testdomain1) using LDAP as the identity backend, while the default domain is using the sql backend.
The "openstack user list --domain testdomain1" command works ok, and shows the users from the LDAP backend:
# openstack user list --domain testdomain1
+------------------------------------------------------------------+-------+
| ID | Name |
+------------------------------------------------------------------+-------+
| 94de8c8a8be4840cc7e69df0d561f6691a68411a904c978b7359a3bd737ab836 | ccard |
+------------------------------------------------------------------+-------+
I have also created a project (testproject1) in the testdomain1 domain ok:
# openstack project show testproject1
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | bab626f8e76e44d4b85036425341eea4 |
| enabled | True |
| id | 890a5adb3df84a1584442b4685d57270 |
| name | testproject1 |
+-------------+----------------------------------+
# openstack domain show testdomain1
+---------+----------------------------------+
| Field | Value |
+---------+----------------------------------+
| enabled | True |
| id | bab626f8e76e44d4b85036425341eea4 |
| name | testdomain1 |
+---------+----------------------------------+
But if I try to do "openstack role add --project testproject1 --user ccard _member_" I get the error message "ERROR: openstack The request you have made requires authentication. (HTTP 401)" and in /etc/keystone/keystone.log I see:
2015-02-24 15:05:11.534 32138 WARNING keystone.common.wsgi [-] Could not find role: _member_
2015-02-24 15:05:11.584 32138 WARNING keystone.common.wsgi [-] Could not find user: ccard
2015-02-24 15:05:11.604 32138 WARNING keystone.common.controller [-] No domain information specified as part of list request
2015-02-24 15:05:11.605 32138 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from *********
2015-02-24 15:05:11.802 32138 WARNING keystone.common.controller [-] No domain information specified as part of list request
2015-02-24 15:05:11.802 32138 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from *********
(I am running Juno, on CentOS 7)
Any ideas?
Chris
More information about the Openstack
mailing list