You need to create service users in LDAP.
ADMIN_TOKEN should work for assigning roles.

Regards, 
IT engineer
Farheap, Russia
Ivan Derbenev

-----Original Message-----
From: Marc Pape [mailto:marc.p...@gmail.com] 
Sent: Monday, August 17, 2015 10:32 AM
To: openstack@lists.openstack.org
Subject: [Openstack] Problems with OpenStack and LDAP

Hello everybody,

I've got some problems with our OpenStack (Juno) and the Integrate Identity 
Service over LDAP.
The LDAP connection is read-only, so I configured the [identity], [ldap] and 
[assignment] parts in keystone conf.
The identity part uses "driver = 
keystone.identity.backends.ldap.Identity" and assignment "driver = 
keystone.assignment.backends.sql.Assignment".
Our goal is user authentication via LDAP and project assignment in the 
internal SQL. It would be great if the service users of OpenStack were also 
stored in SQL, but they are also currently deposited in the LDAP.
After restarting the Keystone service, authentication via LDAP is possible. The 
user gets the message that no projects are assigned to him.
Now there are two problems. How can you log in as admin to assign projects, and 
keystone said that it couldn't find the service users like ceilometer, neutron 
and so on.
I've followed the instructions on docs.openstack.org for Identity management, 
but I didn't find any notices about those problems.

Many greetings and thanks for a possible answer

Marc

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
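
The layout discussed in this thread (identity read from LDAP, assignments kept in SQL, roles bootstrapped with the admin token), as an added configuration sketch that is not from either poster. All hostnames, DNs, attribute choices and secrets are constructed placeholders.

```ini
# keystone.conf (Juno) -- constructed example; every value below is a placeholder
[DEFAULT]
# Bootstrap token accepted by the admin API. It is used to assign roles
# while no LDAP user holds the admin role yet. Remove it (or the
# admin_token_auth pipeline filter) once an LDAP user has been made admin.
admin_token = ADMIN_TOKEN_PLACEHOLDER

[identity]
# Users and groups are read from LDAP.
driver = keystone.identity.backends.ldap.Identity

[assignment]
# Projects, roles and role assignments stay in the SQL database.
driver = keystone.assignment.backends.sql.Assignment

[ldap]
url = ldap://ldap.example.org
user = cn=keystone-bind,ou=services,dc=example,dc=org
password = BIND_PASSWORD_PLACEHOLDER
suffix = dc=example,dc=org
user_tree_dn = ou=people,dc=example,dc=org
user_objectclass = inetOrgPerson
user_id_attribute = uid
user_name_attribute = uid
# The directory is read-only for Keystone: refuse all write operations.
user_allow_create = False
user_allow_update = False
user_allow_delete = False
group_allow_create = False
group_allow_update = False
group_allow_delete = False
```

With this layout, service accounts such as ceilometer and neutron are looked up under `user_tree_dn` like any other user, which is why they have to exist in LDAP.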
