On Tue, Mar 3, 2015 at 8:44 PM, Fox, Kevin M <[email protected]> wrote:
> See the id_mapping table.
That's the first place I've looked into:
mysql> select * from keystone.id_mapping;
Empty set (0.00 sec)
I think because of
http://docs.openstack.org/developer/keystone/developing.html#identity-entity-id-management-between-controllers-and-drivers
[...]
To ensure that Keystone can determine to which backend it should route
an API call, starting with Juno, the identity manager will, provided
that domain-specific backends are enabled, build on-the-fly a
persistent mapping table between Keystone Public IDs that are
presented to the controller and the domain that holds the entity,
along with whatever local ID is understood by the driver.
To ensure backward compatibility, the default configuration of
either a single SQL or LDAP backend for Identity will not use the
mapping table [...]
I guess Calus can either set the id on the LDAP server (if he has
write access), or (probably the better solution) explicitly enable the
id mapping feature in Juno and pre-populate the `id_mapping` table.
.a.
--
[email protected]
[email protected] +41 (0)44 635 42 22
S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/
University of Zurich
Winterthurerstrasse 190
CH-8057 Zurich Switzerland
_______________________________________________
OpenStack-operators mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
