[Openstack] Issue with multi domains and LDAP backend
Ali, Haneef
haneef.ali at hp.com
Tue Feb 24 20:55:46 UTC 2015
Hi,
Use id, instead of name for "project" and user.
"openstack role add --project 890a5adb3df84a1584442b4685d57270 --user 94de8c8a8be4840cc7e69df0d561f6691a68411a904c978b7359a3bd737ab836 _member_"
Thanks
Haneef
-----Original Message-----
From: Chris Card [mailto:ctcard at hotmail.com]
Sent: Tuesday, February 24, 2015 7:09 AM
To: openstack at lists.openstack.org
Subject: [Openstack] Issue with multi domains and LDAP backend
I have keystone set up with domain-specific configuration, with one domain (testdomain1) using LDAP as the identity backend, while the default domain is using the sql backend.
The "openstack user list --domain testdomain1" command works ok, and shows the users from the LDAP backend:
# openstack user list --domain testdomain1
+------------------------------------------------------------------+-------+
| ID                                                               | Name  |
+------------------------------------------------------------------+-------+
| 94de8c8a8be4840cc7e69df0d561f6691a68411a904c978b7359a3bd737ab836 | ccard |
+------------------------------------------------------------------+-------+
I have also created a project (testproject1) in the testdomain1 domain ok:
# openstack project show testproject1
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | bab626f8e76e44d4b85036425341eea4 |
| enabled     | True                             |
| id          | 890a5adb3df84a1584442b4685d57270 |
| name        | testproject1                     |
+-------------+----------------------------------+
# openstack domain show testdomain1
+---------+----------------------------------+
| Field   | Value                            |
+---------+----------------------------------+
| enabled | True                             |
| id      | bab626f8e76e44d4b85036425341eea4 |
| name    | testdomain1                      |
+---------+----------------------------------+
But if I try to do "openstack role add --project testproject1 --user ccard _member_" I get the error message "ERROR: openstack The request you have made requires authentication. (HTTP 401)" and in /etc/keystone/keystone.log I see:
2015-02-24 15:05:11.534 32138 WARNING keystone.common.wsgi [-] Could not find role: _member_
2015-02-24 15:05:11.584 32138 WARNING keystone.common.wsgi [-] Could not find user: ccard
2015-02-24 15:05:11.604 32138 WARNING keystone.common.controller [-] No domain information specified as part of list request
2015-02-24 15:05:11.605 32138 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from *********
2015-02-24 15:05:11.802 32138 WARNING keystone.common.controller [-] No domain information specified as part of list request
2015-02-24 15:05:11.802 32138 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from *********
(I am running Juno, on CentOS 7)
Any ideas?
Chris
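
The reply at the top of this thread advises passing IDs rather than names to "openstack role add". The following is an added example, not part of either message: a shell helper that looks up the user and project inside an explicit domain, checks that each lookup returned a single hex ID, and only then assigns the role by ID. The function names are hypothetical, and it assumes the installed client accepts "--domain" on "user show" and "project show" together with the "-f value -c id" output options.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes the installed openstack client supports "--domain" on
# "user show"/"project show" and the "-f value -c id" output options.

# resolve_id KIND DOMAIN NAME
# Prints the ID of the user or project NAME looked up inside DOMAIN.
# Fails unless the client returns exactly one lowercase-hex ID, so a name
# or an error string is never passed on to "role add" by mistake.
resolve_id() {
    kind=$1; domain=$2; name=$3
    found=$(openstack "$kind" show --domain "$domain" -f value -c id "$name") || {
        echo "lookup failed: $kind '$name' in domain '$domain'" >&2
        return 1
    }
    case $found in
        ''|*[!0-9a-f]*)
            echo "unexpected ID for $kind '$name': '$found'" >&2
            return 1 ;;
    esac
    printf '%s\n' "$found"
}

# grant_role DOMAIN USER PROJECT [ROLE]
# Resolves both names in DOMAIN, then assigns ROLE (default _member_) by ID.
grant_role() {
    domain_arg=$1; user_arg=$2; project_arg=$3; role_arg=${4:-_member_}
    user_id=$(resolve_id user "$domain_arg" "$user_arg") || return 1
    project_id=$(resolve_id project "$domain_arg" "$project_arg") || return 1
    openstack role add --project "$project_id" --user "$user_id" "$role_arg"
}

# Usage with the names from the thread:
#   grant_role testdomain1 ccard testproject1
```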