active directory 2008 and keystone integration
Hi all
I am installed Openstack RDO in my lab as packstack and testing integration with active directory server.
My test stand description:
controller2-tst - IP x.x.x.x
vs-c06-ad-tst.test.local - IP x.x.x.x, Active directory Win28k server
Used article to configure keystone - https://www.ibm.com/developerworks/cloud/library/cl-configure-keystone-ldap-and-active-directory/index.html (https://www.ibm.com/developerworks/cl...)
But integration isn`t working. In keystone log i am see errors:
An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-7c417195-fb14-4f1b-9f26-d1cdc05ff7f7)
2018-12-13 11:57:03.253 11750 WARNING oslo_config.cfg [-] Option "driver" from group "token" is deprecated for removal. Its value may be silently ignored in the future. 2018-12-13 11:57:03.349 11750 INFO keystone.token.persistence.backends.sql [-] Total expired tokens removed: 0 2018-12-13 11:57:20.550 11779 WARNING oslo_config.cfg [-] Option "driver" from group "token" is deprecated for removal. Its value may be silently ignored in the future. 2018-12-13 11:57:20.881 11779 INFO keystone.common.wsgi [req-675018fd-1ddd-4b82-ac3f-c75fc36aa964 - - - - -] GET http://172.31.191.100:5000/v3/ 2018-12-13 11:57:22.961 11781 WARNING oslo_config.cfg [-] Option "driver" from group "token" is deprecated for removal. Its value may be silently ignored in the future. 2018-12-13 11:57:23.309 11781 INFO keystone.common.wsgi [req-7c417195-fb14-4f1b-9f26-d1cdc05ff7f7 - - - - -] POST http://172.31.191.100:5000/v3/auth/tokens (http://172.31.191.100:5000/v3/auth/to...) 2018-12-13 11:57:23.463 11781 WARNING stevedore.named [req-7c417195-fb14-4f1b-9f26-d1cdc05ff7f7 - - - - -] Could not load keystone.identity.backends.ldap.Identity 2018-12-13 11:57:23.464 11781 ERROR keystone.common.wsgi [req-7c417195-fb14-4f1b-9f26-d1cdc05ff7f7 - - - - -] (u'Unable to find %(name)r driver in %(namespace)r.', {'namespace': 'keystone.identity', 'name': 'keystone.identity.backends.ldap.Identity'}): ImportError: (u'Unable to find %(name)r driver in %(namespace)r.', {'namespace': 'keystone.identity', 'name': 'keystone.identity.backends.ldap.Identity'}) 2018-12-13 11:57:23.464 11781 ERROR keystone.common.wsgi Traceback (most recent call last):
My keystone configs is below keystone.conf [identity] domain_specific_drivers_enabled=true domain_config_dir=/etc/keystone/domains
/etc/keystone/domains/keystone.TEST.conf [ldap] url = ldap://vs-c06-ad-tst.test.local user = cn=adminAD,dc=test,dc=local password = Qwerty123 suffix = dc=test,dc=local group_tree_dn = ou=UserGroups,dc=test,dc=local user_tree_dn = ou=Users,dc=test,dc=local user_mail_attribute = mail
[identity] driver = keystone.identity.backends.ldap.Identity
etc/openstack-dashboard/local_settings OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
I am still able to open http://controller2-tst:5000/v3 link but i am can`t logon into horizon dashboard as Active directory user. I had trying to change drivers between keystone.identity.backends.ldap.Identity and keystone.identity.backends.sql.Identity still no changes.
Please use the 101010 button to turn your code into something readable.
The IBM instructions are for Juno, 4 years old or so. The driver config setting looks incorrect. Try setting it to ldap. See https://docs.openstack.org/keystone/l....