You have to add that user from the LDAP domain as a member of the project you want to log in to.

$ openstack domain list
+----------------------------------+-------------+---------+-----------------------------------------+
| ID                               | Name        | Enabled | Description                             |
+----------------------------------+-------------+---------+-----------------------------------------+
| 2c97596e3dd74f0ab40fdf2f1f0d67e9 | heat        | True    | Owns users and projects created by heat |
| a4dd02708e7d4dbc8c6eba0646371728 | otherdomain | True    | Dedicated MS/AD domain for  testing     |
| default                          | Default     | True    | The default domain                      |
+----------------------------------+-------------+---------+-----------------------------------------+


$ openstack user show testos --domain otherdomain
+-------------+------------------------------------------------------------------+
| Field       | Value                                                            |
+-------------+------------------------------------------------------------------+
| description | User in other domain                                             |
| domain_id   | a4dd02708e7d4dbc8c6eba0646371728                                 |
| email       | Testos@tst.local                                                 |
| enabled     | True                                                             |
| id          | 6d8e05e297d3d6136df8dcd404c5e1cd43ccd557a56453cfb87636c73022c9fa |
| name        | testos                                                           |
+-------------+------------------------------------------------------------------+


$ openstack role list
+----------------------------------+---------------------------+
| ID                               | Name                      |
+----------------------------------+---------------------------+
| 0363e1996c1842b2aa40e158010d84f2 | key-manager:creator       |
...
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_                  |
...
| e7ae3d9624194b6a94bf1e932dea7fdb | testosrole                |
| e9513270253140ec9b58599b53a18381 | designate_admin           |
+----------------------------------+---------------------------+

$ openstack role add --project testproj --user 6d8e05e297d3d6136df8dcd404c5e1cd43ccd557a56453cfb87636c73022c9fa _member_
$ openstack role assignment list --user  6d8e05e297d3d6136df8dcd404c5e1cd43ccd557a56453cfb87636c73022c9fa --domain SUSEL3
+----------------------------------+------------------------------------------------------------------+-------+---------+----------------------------------+-----------+
| Role                             | User                                                             | Group | Project | Domain                           | Inherited |
+----------------------------------+------------------------------------------------------------------+-------+---------+----------------------------------+-----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | 6d8e05e297d3d6136df8dcd404c5e1cd43ccd557a56453cfb87636c73022c9fa |       |         | a4dd02708e7d4dbc8c6eba0646371728 | False     |
+----------------------------------+------------------------------------------------------------------+-------+---------+----------------------------------+-----------+
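A check on the table that `openstack role assignment list` prints, as an added example that is not part of the original answer: it reports whether each row for a user is scoped to a project or to a domain, so you can confirm the role landed on the project you want to log in to. The function names, the sample table and the project ID in it are constructed for illustration; the other IDs are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Feed it the default table output, e.g.:
#   openstack role assignment list --user <user-id> | assignment_scopes <user-id>

# Prints one line per row for the given user:
#   "<role-id> project <project-id>"  or  "<role-id> domain <domain-id>"
# Column positions are read from the header row (Role, User, Project, Domain).
assignment_scopes() {
    awk -F'|' -v user="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\+/ || NF < 3 { next }             # skip border and blank lines
        !have_header {                       # first remaining line is the header
            for (i = 2; i < NF; i++) col[trim($i)] = i
            have_header = 1
            next
        }
        trim($(col["User"])) == user {
            role = trim($(col["Role"]))
            proj = trim($(col["Project"]))
            dom  = trim($(col["Domain"]))
            if (proj != "")     print role, "project", proj
            else if (dom != "") print role, "domain", dom
        }
    '
}

# Succeeds only if the user holds the role on that specific project.
# usage: has_project_role USER_ID ROLE_ID PROJECT_ID < table
has_project_role() {
    assignment_scopes "$1" | grep -qxF "$2 project $3"
}

# Constructed sample: the domain-scoped row shown above plus a project-scoped
# row whose project ID (0000...0001) is made up for this example.
sample_table() {
cat <<'EOF'
+------+------+-------+---------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+------+------+-------+---------+--------+-----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | 6d8e05e297d3d6136df8dcd404c5e1cd43ccd557a56453cfb87636c73022c9fa |  |  | a4dd02708e7d4dbc8c6eba0646371728 | False |
| 9fe2ff9ee4384b1894a90878d3e92bab | 6d8e05e297d3d6136df8dcd404c5e1cd43ccd557a56453cfb87636c73022c9fa |  | 00000000000000000000000000000001 |  | False |
+------+------+-------+---------+--------+-----------+
EOF
}
```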