Ask Your Question

options for user_enabled_attribute in keystone configuration

asked 2017-02-15 01:20:32 -0500

Jared gravatar image

updated 2017-02-15 01:30:32 -0500

Hi guys,

I installed keystone newton. It works well when integrating with mysql.

When I tried to integrate it with ApacheDS LDAP server, I encountered following errors,

request done: ld 0x3dfe570 msgid 5

res_errno: 16, res_error: NO_SUCH_ATTRIBUTE: failed for MessageType : ADD_REQUEST

Message ID : 5

Add Request :


dn[n]: cn=776dd06ad33340f3af56802b4c55b24d,ou=Users,dc=kdc,dc=istuary,dc=com

objectClass: person

objectClass: inetOrgPerson

sn: admin

cn: 776dd06ad33340f3af56802b4c55b24d

userAccountControl: 512

userPassword: 0x61 0x64 0x6D 0x69 0x6E

: ERR_04269 ATTRIBUTE_TYPE for OID useraccountcontrol does not exist!>, res_matched: <>

ldap_free_request (origid 5, msgid 5)

It seemed that there was not user_enabled_attribute support in ApacheDS.

Could ApacheDS LDAP server be integrated with keystone? If so, how could I fix the problem?



edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2017-05-24 05:32:27 -0500

scarface gravatar image

HI jared

if ApacheDS LDAP does not have your attribute (useraccountcontrol) use another one, LIKE "employeeType"

you can fill "employeeType" attribute in LDAP by 0 OR 1 for enabling OR disabling a user, and in your keystone.conf you should change user_enabled_attribute like this:

user_enabled_attribute = employeeType

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-02-15 01:20:32 -0500

Seen: 274 times

Last updated: Feb 15 '17