Re: [Openstack] How to configure Keystone with open LDAP + horizon on grizzly

2013-05-29 Thread yasith tharindu
Now my authentication phase is right through LDAP, I guess. But I'm getting an
error when I try to log in, saying "You are not authorized for any projects".


My LDAP configuration is being used by Keystone, it seems. The keystone
commands give the following results.


root@ubuntu:/home/wso2/ldap# keystone user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+------+------+---------+------------------+
|  id  | name | enabled |      email       |
+------+------+---------+------------------+
| demo | demo |   True  | d...@example.com |
+------+------+---------+------------------+
root@ubuntu:/home/wso2/ldap# keystone role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------+-------+
|   id  |  name |
+-------+-------+
| admin | Admin |
+-------+-------+
root@ubuntu:/home/wso2/ldap# keystone tenant-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------+-------+---------+
|   id  |  name | enabled |
+-------+-------+---------+
| admin | admin |   True  |
+-------+-------+---------+




But nova commands return an error with the LDAP user credentials.

# nova image-list
ERROR: Invalid OpenStack Nova credentials.


The system variables I used are as follows.

export OS_USERNAME=demo
export OS_TENANT_NAME=admin
export OS_PASSWORD=secret
export OS_AUTH_URL=http://192.168.1.111:5000/v2.0/
export OS_REGION_NAME=RegionOne
export SERVICE_ENDPOINT=http://192.168.1.111:35357/v2.0;
export SERVICE_TOKEN=012345SECRET99TOKEN012345
export OS_NO_CACHE=1




Following is the keystone log:

2013-05-29 02:45:20 DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=Tenants,dc=example,dc=com, scope=2, query=(&(objectClass=organizationalRole)(roleOccupant=cn=demo,ou=Users,dc=example,dc=com)), attrs=None
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] RESPONSE HEADERS
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Type = application/json
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Length = 36
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi]
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] RESPONSE BODY
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []}
2013-05-29 02:45:20 INFO [access] 127.0.0.1 - - [28/May/2013:21:15:20 +] GET http://127.0.0.1:5000/v2.0/tenants HTTP/1.0 200 36
2013-05-29 02:45:20 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [29/May/2013 02:45:20] GET /v2.0/tenants HTTP/1.1 200 164 0.028584



And the tenant config of Keystone is as follows:

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = cn
tenant_domain_id_attribute = businessCategory
tenant_enabled_attribute = o
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
tenant_desc_attribute = description



Does anyone have any suggestions? It seems there are no tenants according to the log:
DEBUG [keystone.common.wsgi] {"tenants_links": [], "tenants": []}
But I have enabled the user in the Tenant LDAP group.

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

Thanks in advance..:)
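
An added example, not part of the original post and not Keystone code: it evaluates the search filter from the DEBUG log above against the posted cn=admin tenant entry, to check whether that search could return it. The leading "&" in the logged filter is an assumption (the archived log shows only the two parenthesised terms), and CONFIG_FILTER is constructed here from the posted tenant_objectclass and tenant_member_attribute values purely for comparison.

```python
# Added example: evaluate simple LDAP filters against the posted tenant entry.
ENTRY_LDIF = """\
dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com
"""
USER_DN = "cn=demo,ou=Users,dc=example,dc=com"
# Filter from the Keystone DEBUG log; the leading "&" is an assumption.
LOGGED_FILTER = "(&(objectClass=organizationalRole)(roleOccupant=%s))" % USER_DN
# Constructed from tenant_objectclass / tenant_member_attribute for comparison.
CONFIG_FILTER = "(&(objectClass=groupOfNames)(member=%s))" % USER_DN

def parse_ldif(text):
    """Return {lowercased attribute: [values]} for a single LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if ": " in line:
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value)
    return entry

def parse_filter(s, i=0):
    """Parse the parenthesised filter at s[i]; return (node, next index)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":
        op, children, i = s[i], [], i + 1
        while s[i] == "(":
            child, i = parse_filter(s, i)
            children.append(child)
        return (op, children), i + 1   # skip the closing ")"
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(entry, node):
    """Case-insensitive equality, a simplification of LDAP matching rules."""
    if node[0] == "=":
        return any(v.lower() == node[2].lower() for v in entry.get(node[1], []))
    results = [matches(entry, child) for child in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def entry_matches(ldif, ldap_filter):
    return matches(parse_ldif(ldif), parse_filter(ldap_filter)[0])
```

Run over the posted entry, the logged search filter does not match it, while the filter built from the configured groupOfNames/member attributes does.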



Re: [Openstack] How to configure Keystone with open LDAP + horizon on grizzly

2013-05-29 Thread yasith tharindu
I have updated the ask page.

https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/



[Openstack] How to configure Keystone with open LDAP + horizon on grizzly

2013-05-20 Thread yasith tharindu
The question is posted on the OpenStack ask page.
https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/

Error

2013-05-19 15:21:23 ERROR [root] 'domain_id'
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 82, in authenticate
    core.validate_auth_info(self, context, user_ref, tenant_ref)
  File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in validate_auth_info
    user_ref['domain_id'])
KeyError: 'domain_id'

2013-05-19 15:21:23 DEBUG [keystone.common.wsgi] {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'domain_id'", "code": 500, "title": "Internal Server Error"}}

Keystone config

==
url = ldap://192.168.1.111
user = cn=admin,dc=example,dc=com
password = secret
suffix = cn=example,cn=com
use_dumb_member = False
tree_dn = dc=example,dc=com

user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = sn
user_pass_attribute = userPassword
user_allow_create = True
user_allow_update = True
user_enabled_attribute = enabled
user_enabled_default = True
user_domain_id_attribute = None

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_domain_id_attribute = None
tenant_allow_create = True
tenant_allow_update = True


role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = groupOfNames
role_member_attribute = member
role_id_attribute = cn
role_name_attribute = ou
role_allow_create = True
role_allow_update = True


==

The LDAP config is as follows.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example


dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: c2VjcmV0



dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit


dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit


dn: ou=Tenants,dc=example,dc=com
ou: tenants
objectClass: organizationalUnit



dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: d...@example.com
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: c2VjcmV0


dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Role
member: cn=demo,ou=Users,dc=example,dc=com


dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

I would really appreciate your help.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp