
Hi,

My name is LakshmiNarayana and I am very new to OpenStack.

I have installed OpenStack Mitaka (with the help of http://docs.openstack.org/draft/install-guide-rdo/common/conventions.html).

I am trying to integrate Active Directory 2012 as a backend with OpenStack Mitaka Keystone through LDAP, and below is my LDAP domain configuration:

[ldap]
url = ldaps://HOSDC.hos.com:636
user = cn=administrator,cn=Users,dc=hos,dc=com
password = atmecs@1234
suffix = dc=hos,dc=com
user_tree_dn = cn=Users,dc=hos,dc=com
user_objectclass = person
user_filter = (memberOf=cn=Users,cn=hos,cn=com)
user_id_attribute = sAMAccountName
user_name_attribute = sAMAccountName
user_mail_attribute = mail
user_pass_attribute =
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
user_attribute_ignore = password,tenant_id,tenants
user_allow_create = False
user_allow_update = False
user_allow_delete = False
use_tls = False
tls_cacertfile = /etc/ssl/certs/server_cert.crt
query_scope = sub

[identity]

driver = keystone.identity.backends.ldap.Identity

But I am not able to retrieve the users' information from Active Directory, and I am not getting any error message.

Below are the logs from keystone.log:

2016-10-03 06:49:09.600 27104 INFO keystone.common.wsgi [req-d14b3f5b-3c1d-418b-9a2e-8cdc698f934e - - - - -] GET http://controller:35357/v3/
2016-10-03 06:49:09.610 27106 INFO keystone.common.wsgi [req-86e535b4-1bbc-4541-aec2-977ee71eaf30 - - - - -] POST http://controller:35357/v3/auth/tokens
2016-10-03 06:49:09.741 27106 INFO keystone.token.providers.fernet.utils [req-86e535b4-1bbc-4541-aec2-977ee71eaf30 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-10-03 06:49:09.747 27105 INFO keystone.common.wsgi [req-bcd779b5-5daf-496f-989d-16ad4415c26b - - - - -] POST http://controller:35357/v3/auth/tokens
2016-10-03 06:49:09.876 27105 INFO keystone.token.providers.fernet.utils [req-bcd779b5-5daf-496f-989d-16ad4415c26b - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-10-03 06:49:09.880 27108 INFO keystone.token.providers.fernet.utils [req-762bba96-cc61-4ba3-baa6-54bdbc705a22 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-10-03 06:49:09.940 27108 INFO keystone.common.wsgi [req-762bba96-cc61-4ba3-baa6-54bdbc705a22 285ebd0e744f49cabd80baecff9f4e00 c7ba6bc5419845d2b8010eabb3b2e950 - 46bdf8c3a8ab4ac4885a9ffd52a7cff3 46bdf8c3a8ab4ac4885a9ffd52a7cff3] GET http://controller:35357/v3/domains/hos
2016-10-03 06:49:09.943 27108 WARNING keystone.common.wsgi [req-762bba96-cc61-4ba3-baa6-54bdbc705a22 285ebd0e744f49cabd80baecff9f4e00 c7ba6bc5419845d2b8010eabb3b2e950 - 46bdf8c3a8ab4ac4885a9ffd52a7cff3 46bdf8c3a8ab4ac4885a9ffd52a7cff3] Could not find domain: hos
2016-10-03 06:49:09.947 27107 INFO keystone.token.providers.fernet.utils [req-674d6525-0ea6-416e-a4b1-928d78a9f6c7 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-10-03 06:49:10.012 27107 INFO keystone.common.wsgi [req-674d6525-0ea6-416e-a4b1-928d78a9f6c7 285ebd0e744f49cabd80baecff9f4e00 c7ba6bc5419845d2b8010eabb3b2e950 - 46bdf8c3a8ab4ac4885a9ffd52a7cff3 46bdf8c3a8ab4ac4885a9ffd52a7cff3] GET http://controller:35357/v3/domains?name=hos
2016-10-03 06:49:10.022 27104 INFO keystone.token.providers.fernet.utils [req-bdc65445-47b9-471c-b9d9-83c71836ad76 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-10-03 06:49:10.087 27104 INFO keystone.common.wsgi [req-bdc65445-47b9-471c-b9d9-83c71836ad76 285ebd0e744f49cabd80baecff9f4e00 c7ba6bc5419845d2b8010eabb3b2e950 - 46bdf8c3a8ab4ac4885a9ffd52a7cff3 46bdf8c3a8ab4ac4885a9ffd52a7cff3] GET http://controller:35357/v3/users?domain_id=d9a257f1fd194963bcf7ea458bbdcc72

Command output

[root@controller keystone]# openstack user list --domain default
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 025e27db10f54c02bf0fdf0e9936484d | nova    |
| 20430d5fddd74359a0efc19c0df449c4 | neutron |
| 285ebd0e744f49cabd80baecff9f4e00 | admin   |
| ab56f1e2bfd34db8a903e94721a14c5e | demo    |
| e7fc6ae55ec846cda34032dc31714cb2 | glance  |
| f31ee500775a4704bd05a3e23f279701 | lak     |
+----------------------------------+---------+
[root@controller keystone]# openstack user list --domain hos

[root@controller keystone]#

Someone please help me out... Do I need to change anything in AD or Keystone?

Regards, Lakshmi
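
A consistency check over the DN-valued options of an [ldap] section like the one posted above, as an added example that is not part of the original post and is not Keystone code: it reports every DN in user_tree_dn, group_tree_dn, user_filter or group_filter that does not end with the configured suffix. The function names, and the assumption that every referenced entry lives under suffix, belong to this example only.

```python
import configparser
import re

# Constructed sample: the DN-bearing [ldap] options copied from the question.
SAMPLE = """\
[ldap]
url = ldaps://HOSDC.hos.com:636
suffix = dc=hos,dc=com
user_tree_dn = cn=Users,dc=hos,dc=com
user_filter = (memberOf=cn=Users,cn=hos,cn=com)
"""

def rdns(dn):
    """Split a DN into normalised RDNs (plain split; escaped commas not handled)."""
    parts = [p.strip() for p in dn.split(",") if p.strip()]
    return [re.sub(r"\s*=\s*", "=", p).lower() for p in parts]

def under(dn, suffix):
    """True when the trailing RDNs of dn equal the RDNs of suffix."""
    d, s = rdns(dn), rdns(suffix)
    return len(d) >= len(s) and d[-len(s):] == s

def filter_dns(ldap_filter):
    """Return the assertion values of an LDAP filter that look like DNs."""
    values = re.findall(r"\(\s*[\w;.-]+\s*[~<>]?=([^()]*)\)", ldap_filter)
    return [v for v in values if re.match(r"^\s*\w+=[^,]+,", v)]

def lint(text):
    """Return (option, dn) pairs whose DN falls outside the configured suffix."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    ldap = cp["ldap"]
    suffix = ldap["suffix"]
    findings = []
    for opt in ("user_tree_dn", "group_tree_dn"):
        dn = ldap.get(opt, fallback="")
        if dn and not under(dn, suffix):
            findings.append((opt, dn))
    for opt in ("user_filter", "group_filter"):
        for dn in filter_dns(ldap.get(opt, fallback="")):
            if not under(dn, suffix):
                findings.append((opt, dn))
    return findings

if __name__ == "__main__":
    for opt, dn in lint(SAMPLE):
        print(f"{opt}: '{dn}' is not under the configured suffix")
```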