I have keystone set up with domain-specific configuration, with one domain (testdomain1) using LDAP as the identity backend, while the default domain is using the sql backend.
The "openstack user list --domain testdomain1" command works ok, and shows the users from the LDAP backend: # openstack user list --domain testdomain1 +------------------------------------------------------------------+-------+ | ID | Name | +------------------------------------------------------------------+-------+ | 94de8c8a8be4840cc7e69df0d561f6691a68411a904c978b7359a3bd737ab836 | ccard | +------------------------------------------------------------------+-------+ I have also created a project (testproject1) in the testdomain1 domain ok: # openstack project show testproject1 +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | | | domain_id | bab626f8e76e44d4b85036425341eea4 | | enabled | True | | id | 890a5adb3df84a1584442b4685d57270 | | name | testproject1 | +-------------+----------------------------------+ # openstack domain show testdomain1 +---------+----------------------------------+ | Field | Value | +---------+----------------------------------+ | enabled | True | | id | bab626f8e76e44d4b85036425341eea4 | | name | testdomain1 | +---------+----------------------------------+ But if I try to do "openstack role add --project testproject1 --user ccard _member_" I get the error message "ERROR: openstack The request you have made requires authentication. (HTTP 401)" and in /etc/keystone/keystone.log I see: 2015-02-24 15:05:11.534 32138 WARNING keystone.common.wsgi [-] Could not find role: _member_ 2015-02-24 15:05:11.584 32138 WARNING keystone.common.wsgi [-] Could not find user: ccard 2015-02-24 15:05:11.604 32138 WARNING keystone.common.controller [-] No domain information specified as part of list request 2015-02-24 15:05:11.605 32138 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from ********* 2015-02-24 15:05:11.802 32138 WARNING keystone.common.controller [-] No domain information specified as part of list request 2015-02-24 15:05:11.802 32138 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from ********* (I am running Juno, on CentOS 7) Any ideas? Chris _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
