Re: [Openstack] How to configure Keystone with open LDAP + horizon on grizzly
Now my authentication phase is right through ldap, I guess. But I'm getting an error when I try to log in, saying: You are not authorized for any projects.

My ldap configurations have been used by keystone, it seems. The keystone command gives the following results.

root@ubuntu:/home/wso2/ldap# keystone user-list
WARNING: Bypassing authentication using a token endpoint (authentication credentials are being ignored).
+------+------+---------+------------------+
| id   | name | enabled | email            |
+------+------+---------+------------------+
| demo | demo | True    | d...@example.com |
+------+------+---------+------------------+

root@ubuntu:/home/wso2/ldap# keystone role-list
WARNING: Bypassing authentication using a token endpoint (authentication credentials are being ignored).
+-------+-------+
| id    | name  |
+-------+-------+
| admin | Admin |
+-------+-------+

root@ubuntu:/home/wso2/ldap# keystone tenant-list
WARNING: Bypassing authentication using a token endpoint (authentication credentials are being ignored).
+-------+-------+---------+
| id    | name  | enabled |
+-------+-------+---------+
| admin | admin | True    |
+-------+-------+---------+

But nova commands return an error with the ldap user credentials.

# nova image-list
ERROR: Invalid OpenStack Nova credentials.

The system variables I used are as follows.

export OS_USERNAME=demo
export OS_TENANT_NAME=admin
export OS_PASSWORD=secret
export OS_AUTH_URL=http://192.168.1.111:5000/v2.0/
export OS_REGION_NAME=RegionOne
export SERVICE_ENDPOINT=http://192.168.1.111:35357/v2.0;
export SERVICE_TOKEN=012345SECRET99TOKEN012345
export OS_NO_CACHE=1

The following is the keystone log.

2013-05-29 02:45:20 DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=Tenants,dc=example,dc=com, scope=2, query=((objectClass=organizationalRole)(roleOccupant=cn=demo,ou=Users,dc=example,dc=com)), attrs=None
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] RESPONSE HEADERS
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Type = application/json
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] Content-Length = 36
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi]
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] RESPONSE BODY
2013-05-29 02:45:20 DEBUG [keystone.common.wsgi] {tenants_links: [], tenants: []}
2013-05-29 02:45:20 INFO [access] 127.0.0.1 - - [28/May/2013:21:15:20 +] GET http://127.0.0.1:5000/v2.0/tenants HTTP/1.0 200 36
2013-05-29 02:45:20 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [29/May/2013 02:45:20] GET /v2.0/tenants HTTP/1.1 200 164 0.028584

And the tenant config of keystone is as follows:

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = cn
tenant_domain_id_attribute = businessCategory
tenant_enabled_attribute = o
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
tenant_desc_attribute = description

*Anyone have any suggestions??*

It seems there are no tenants according to the log:

DEBUG [keystone.common.wsgi] {tenants_links: [], tenants: []}

But I have enabled the user in the Tenant ldap group.

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

Thanks in advance..:)

On Mon, May 20, 2013 at 11:24 AM, yasith tharindu yasithu...@gmail.com wrote:

> The question is posted on openstack ask page.
> https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/
>
> Error
>
> 2013-05-19 15:21:23 ERROR [root] 'domain_id'
> Traceback (most recent call last):
>   File /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py, line 236, in __call__
>     result = method(context, **params)
>   File /usr/lib/python2.7/dist-packages/keystone/token/controllers.py, line 82, in authenticate
>     core.validate_auth_info(self, context, user_ref, tenant_ref)
>   File /usr/lib/python2.7/dist-packages/keystone/token/core.py, line 84, in validate_auth_info
>     user_ref['domain_id'])
> KeyError: 'domain_id'
> 2013-05-19 15:21:23 DEBUG [keystone.common.wsgi] {error: {message: An unexpected error prevented the server from fulfilling your request. 'domain_id', code: 500, title: Internal Server Error}}
>
> Keystone config
> ==
> url = ldap://192.168.1.111
> user = cn=admin,dc=example,dc=com
> password = secret
> suffix = cn=example,cn=com
> use_dumb_member = False
> tree_dn = dc=example,dc=com
> user_tree_dn = ou=Users,dc=example,dc=com
> user_objectclass = inetOrgPerson
> user_id_attribute = cn
> user_name_attribute = sn
> user_pass_attribute = userPassword
> user_allow_create = True
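Added example (not part of the original post and not Keystone code): a small check of the LDAP search that the keystone log in the message above records against the tenant entry posted in the same message, listing which filter terms the entry does not satisfy. It assumes the logged query is an AND filter whose leading "&" was lost in the archive; `parse_ldif_entry`, `norm` and `unmet_terms` are hypothetical helper names, and the second entry is constructed for contrast.

```python
import re

# Base and filter from the Keystone debug log; assumption: the lost leading "&" means AND.
BASE_DN = "ou=Tenants,dc=example,dc=com"
LOGGED_QUERY = "((objectClass=organizationalRole)(roleOccupant=cn=demo,ou=Users,dc=example,dc=com))"
# Tenant entry as posted in the message.
POSTED_TENANT = """\
dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
o: True
businessCategory: default
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com
"""
# Constructed for contrast only: an entry shaped the way the logged filter expects.
CONSTRUCTED_ENTRY = """\
dn: cn=sample,ou=Tenants,dc=example,dc=com
objectClass: organizationalRole
cn: sample
roleOccupant: cn=demo,ou=Users,dc=example,dc=com
"""

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]} for one unfolded, non-base64 entry."""
    entry = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def norm(value):  # simplified case-insensitive match; servers use per-attribute rules
    return re.sub(r"\s*,\s*", ",", value.strip().lower())

def unmet_terms(entry, query, base_dn):
    """List why a subtree search (scope=2) with this equality-only filter skips the entry."""
    reasons = []
    dn, base = norm(entry["dn"][0]), norm(base_dn)
    if dn != base and not dn.endswith("," + base):
        reasons.append("outside base " + base_dn)
    for attr, wanted in re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", query):
        if norm(wanted) not in [norm(v) for v in entry.get(attr.lower(), [])]:
            reasons.append(attr + "=" + wanted)
    return reasons

if __name__ == "__main__":
    for label, ldif in (("posted", POSTED_TENANT), ("constructed", CONSTRUCTED_ENTRY)):
        print(label, unmet_terms(parse_ldif_entry(ldif), LOGGED_QUERY, BASE_DN) or "match")
```

The posted entry sits under the search base but carries `groupOfNames`/`member`, so neither term of the logged filter is met.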
Re: [Openstack] How to configure Keystone with open LDAP + horizon on grizzly
I have updated the ask page.
https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/
[Openstack] How to configure Keystone with open LDAP + horizon on grizzly
The question is posted on openstack ask page.
https://ask.openstack.org/question/1350/how-to-configure-keystone-with-open-ldap-horizon-on-grizzly/

Error

2013-05-19 15:21:23 ERROR [root] 'domain_id'
Traceback (most recent call last):
  File /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py, line 236, in __call__
    result = method(context, **params)
  File /usr/lib/python2.7/dist-packages/keystone/token/controllers.py, line 82, in authenticate
    core.validate_auth_info(self, context, user_ref, tenant_ref)
  File /usr/lib/python2.7/dist-packages/keystone/token/core.py, line 84, in validate_auth_info
    user_ref['domain_id'])
KeyError: 'domain_id'
2013-05-19 15:21:23 DEBUG [keystone.common.wsgi] {error: {message: An unexpected error prevented the server from fulfilling your request. 'domain_id', code: 500, title: Internal Server Error}}

Keystone config
==
url = ldap://192.168.1.111
user = cn=admin,dc=example,dc=com
password = secret
suffix = cn=example,cn=com
use_dumb_member = False

tree_dn = dc=example,dc=com

user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = sn
user_pass_attribute = userPassword
user_allow_create = True
user_allow_update = True
user_enabled_attribute = enabled
user_enabled_default = True
user_domain_id_attribute = None

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_domain_id_attribute = None
tenant_allow_create = True
tenant_allow_update = True

role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = groupOfNames
role_member_attribute = member
role_id_attribute = cn
role_name_attribute = ou
role_allow_create = True
role_allow_update = True
==

ldap config as follows.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: c2VjcmV0

dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Tenants,dc=example,dc=com
ou: tenants
objectClass: organizationalUnit

dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: d...@example.com
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: c2VjcmV0

dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Role
member: cn=demo,ou=Users,dc=example,dc=com

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

I would really appreciate your help

___
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp