How to integrate identity with ldap ?

asked 2019-02-27 04:58:09 -0500

Hi, i am a university student in korea I am trying to integrate identity with ldap. I use devstack Rocky. My final goal is to link Google Suite with Identity Service in devstack. My test environment is running three instances above the cloud.(jy-dev-cont, jy-dev-comp, jy-ldap) And network security group is full access i have devstack server. I installed openldap and PLA(phpLDAPadmin) in Ldap Server(jy-ldap). They was working normally.

But I changed /etc/keystone/keystone.conf

[identity]
password_hash_rounds = 4
#driver = sql
driver = ldap

...

[ldap]
url = ldap://My ldap server ip
user = dc=Manager,dc=openstack,dc=org
password = ubuntu
suffix = dc=openstack,dc=org
user_tree_dn = ou=Users,dc=openstack,dc=org
user_objectclass = inetOrgPerson
group_tree_dn = ou=Groups,dc=openstack,dc=org
group_objectclass = groupOfNames
user_filter = (memberof=cn=openstack-users,ou=workgroups,dc=example,dc=org)
group_filter =
user_id_attribute      = cn
user_name_attribute    = sn
user_mail_attribute    = mail
user_pass_attribute    = userPassword
user_enabled_attribute = userAccountControl
user_enabled_mask      = 2
user_enabled_invert    = false
user_enabled_default   = 512
user_default_project_id_attribute =
user_additional_attribute_mapping =

group_id_attribute     = cn
group_name_attribute   = ou
group_member_attribute = member
group_desc_attribute   = description
group_additional_attribute_mapping =

i restarted the service

systemctl restart devstack@keystone

i checked the service

● devstack@keystone.service - Devstack devstack@keystone.service
   Loaded: loaded (/etc/systemd/system/devstack@keystone.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-02-27 10:12:48 UTC; 5min ago
 Main PID: 18007 (uwsgi)
   Status: "uWSGI is ready"
   CGroup: /system.slice/system-devstack.slice/devstack@keystone.service
           ├─18007 keystoneuWSGI maste
           ├─18012 keystoneuWSGI worker 
           ├─18013 keystoneuWSGI worker 
           ├─18014 keystoneuWSGI worker 
           └─18015 keystoneuWSGI worker

Here is the error.

DiscoveryFailure at /project/
Version requested but version discovery document was not found and allow_version_hack was False
Request Method: GET
Request URL:    http://203.254.143.131/dashboard/project/
Django Version: 1.11.18
Exception Type: DiscoveryFailure
Exception Value:    
Version requested but version discovery document was not found and allow_version_hack was False
Exception Location: /usr/local/lib/python2.7/dist-packages/keystoneauth1/discover.py in _run_discovery, line 1240
Python Executable:  /usr/bin/python
Python Version: 2.7.12
Python Path:    
['/opt/stack/horizon',
 '/opt/stack/horizon',
 '/opt/stack/keystone',
 '/opt/stack/glance',
 '/opt/stack/cinder',
 '/opt/stack/neutron',
 '/opt/stack/nova',
 '/opt/stack/placement',
 '/opt/stack/horizon',
 '/opt/stack/tempest',
 '/usr/lib/python2.7',
 '/usr/lib/python2.7/plat-x86_64-linux-gnu',
 '/usr/lib/python2.7/lib-tk',
 '/usr/lib/python2.7/lib-old',
 '/usr/lib/python2.7/lib-dynload',
 '/usr/local/lib/python2.7/dist-packages',
 '/usr/lib/python2.7/dist-packages',
 '/opt/stack/horizon/openstack_dashboard']
Server time:    수요일, 27 2월 2019 10:12:52 +0000
Error during template rendering
In template /opt/stack/horizon/horizon/templates/horizon/common/_sidebar.html, error at line 4

Version requested but version discovery document was not found and allow_version_hack was False
1   {% load branding horizon i18n %}
2   
3   <nav id='sidebar'>
4     {% horizon_nav %}
5   </nav>
6   
Traceback Switch to copy-and-paste view
/usr/local/lib/python2.7/dist-packages/django/core/handlers/exception.py in inner
            response = get_response(request) ...
▶ Local vars
/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py in _get_response
                response = self.process_exception_by_middleware(e, request)
.
.
.

Here is my ldap server

ubuntu@jy-ldap:~$ ldapsearch -x -W -D"cn=admin,dc=openstack ...
(more)
edit retag flag offensive close merge delete