On 08/05/2013 07:37 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis)
wrote:
>
> I have been inserting debug logging and stack traces into the code
> base to help find out what is and is not happening.
>
> I am able to connect the LDAP backend to our Enterprise Directory and
> perform a REST “get an unscoped token” from keystone. Following is the
> result:
>
> *Connection →* keep-alive
> *Content-Length →* 259
> *Content-Type →* application/json
> *Date →* Fri, 26 Jul 2013 21:49:16 GMT
> *Vary →* X-Auth-Token
> *X-Subject-Token →* cae95a17517245798acb17c47b8eb74b
>
> {
>     "token": {
>         "issued_at": "2013-07-26T21:49:16.951821Z",
>         "extras": {},
>         "methods": [
>             "password"
>         ],
>         "expires_at": "2045-04-03T19:49:16.951738Z",
>         "user": {
>             "domain": {
>                 "id": "default",
>                 "name": "Default"
>             },
>             "id": "[email protected]",
>             "name": "[email protected]"
>         }
>     }
> }
>
> When I attempt to assign a role to the user:
>
>     keystone user-role-add --user "[email protected]" --role-id 7fb862d10b5c46679b4334eae9c73a46 --tenant-id 9798b027472d4f459d231c005977b3ac
>
> The “identity/controllers/get_users()” method is called instead of the
> “get_user_by_name()” method.

Opened a bug for this. https://bugs.launchpad.net/keystone/+bug/1208653

> Does anyone know why or how to fix this or if what I am trying to do
> even works?
>
> Regards,
>
> Mark Miller
>
> *From:* Miller, Mark M (EB SW Cloud - R&D - Corvallis)
> *Sent:* Friday, August 02, 2013 4:00 PM
> *To:* OpenStack Development Mailing List; Adam Young
> ([email protected]); Dolph Mathews ([email protected]); Yee, Guang
> *Subject:* Re: [openstack-dev] Keystone Split Backend LDAP Question
>
> Hello,
>
> With some minor tweaking of the keystone common/ldap/core.py file, I
> have been able to authenticate and get an unscoped token for a user
> from an LDAP Enterprise Directory. I want to continue testing but I
> have some questions that need to be answered before I can continue.
>
> 1. Do I need to add the user from the LDAP server to the Keystone SQL
> database or will the H-2 code search the LDAP server?
>
> 2. When I performed a “keystone user-list” the following log file
> entries were written indicating that keystone was attempting to get
> all the users on the massive Enterprise Directory. How do we limit
> this query to just the one user or group of users we are interested in?
>
> 2013-07-23 14:04:31 DEBUG [keystone.common.ldap.core] LDAP bind: dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com
>
> 2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core] In get_connection 6 user: cn=CloudOSKeystoneDev, ou=Applications, o=hp.com
>
> 2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core] MY query in _ldap_get_all: (&)
>
> 2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&), attrs=['businessCategory', 'userPassword', 'hpStatus', 'mail', 'uid']
>
> 3. Next I want to acquire a scoped token. How do I assign the LDAP user
> to a local project?
>
> Regards,
>
> Mark Miller
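
A check an operator could run over Keystone's DEBUG log to spot the unbounded directory search shown in the quoted message (a subtree search, `scope=2`, with the match-all filter `(&)`, which also requests `userPassword`). This is an added example, not code from the thread or from Keystone; the `audit` function, the set of flagged attributes and the third sample line are assumptions made for illustration.

```python
import ast
import re

# Format of the "LDAP search" DEBUG line as it appears in the quoted log.
SEARCH_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) DEBUG "
    r"\[keystone\.common\.ldap\.core\] LDAP search: dn=(?P<base>.+?), "
    r"scope=(?P<scope>\d), query=(?P<query>.*), attrs=(?P<attrs>\[.*\])$"
)
SCOPES = {0: "base", 1: "onelevel", 2: "subtree"}  # LDAP search scope values
MATCH_ALL = {"", "(&)", "(objectclass=*)"}  # filters that select every entry
SENSITIVE = {"userpassword"}  # assumption: attributes worth flagging


def audit(lines):
    """Return one finding per search that can enumerate a whole tree."""
    findings = []
    for line in lines:
        m = SEARCH_RE.match(line.strip())
        if not m:
            continue  # binds and other debug lines are not searches
        scope = int(m["scope"])
        query = re.sub(r"\s+", "", m["query"]).lower()
        if scope == 0 or query not in MATCH_ALL:
            continue  # single-entry read, or a filter that narrows the result
        attrs = ast.literal_eval(m["attrs"])
        findings.append({
            "time": m["ts"],
            "base": m["base"],
            "scope": SCOPES.get(scope, str(scope)),
            "query": m["query"],
            "sensitive_attrs": [a for a in attrs if a.lower() in SENSITIVE],
        })
    return findings


# Lines 1-2 are taken from the message above (re-joined); line 3 is constructed.
SAMPLE = [
    "2013-07-23 14:04:31 DEBUG [keystone.common.ldap.core] LDAP bind: "
    "dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com",
    "2013-07-23 14:04:32 DEBUG [keystone.common.ldap.core] LDAP search: "
    "dn=ou=People,o=hp.com, scope=2, query=(&), "
    "attrs=['businessCategory', 'userPassword', 'hpStatus', 'mail', 'uid']",
    "2013-07-23 14:05:10 DEBUG [keystone.common.ldap.core] LDAP search: "
    "dn=ou=People,o=hp.com, scope=2, "
    "query=(&(uid=example)(objectClass=person)), attrs=['mail', 'uid']",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```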
