Integrate Active Directory with OpenStack Keystone

asked 2020-05-04 01:53:16 -0500

anonymous user


I'm new to OpenStack (version Stein). I followed the installation guide here: https://docs.openstack.org/fr/install-guide/ . I installed the different services little by little until the end.

Now I wish that the users of my ldap sous can connect to OpenStack. For that I have a Windows 2016 server with an LDAP (lab.local) installed and secured with SSL, so LDAPS. To integrate my LDAP in Keystone, I followed these 2 tutorials: https://www.assistanz.com/active-directory-integrate-keystone/ and https://www.youtube.com/watch?v=Hx8Ic3XDi3c .

But when I got to the command: openstack user list --domain LAB, the controller returned this error: An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-3ab3004d-7e11-4813-91d4-db736472b12e)

So I checked the other openstack commands and they work, as does the same command with the default domain: openstack user list --domain default.

So I checked the var /var/log/keystone/keystone.log and I got this error: LDAPServerConnectionError: An unexpected error prevented the server from fulfilling your request.

After looking for the answer to my problem, I used the curl command: curl -v --cacert srvad.lab.local.crt ldaps://srvad.lab.local:636 to check the crt certificate, but I get this error: curl (77) problem with the ssl ca cert (path access rights )

REMINDER: ping ip/dns ok


Comments

The connection from the OpenStack controller to the LDAP server is not set up correctly. It looks like something is wrong with your TLS configuration. Perhaps the permissions on some files are incorrect?

In any case, use ldapsearch to test LDAP access before configuring it in OpenStack.

Bernd Bausch ( 2020-05-04 19:59:13 -0500 )
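The checks suggested in the comment above, as an added example that is not part of the original thread: it verifies that the CA file exists, is readable by the current account and is PEM-encoded, then prints an ldapsearch test against the LDAPS endpoint. The host name and CA file name come from the question; the function names, the bind account binduser@lab.local and the base DN dc=lab,dc=local are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on the CA file, then an ldapsearch test.
# Function names, bind account and base DN are hypothetical.

# check_ca_file FILE -> prints a verdict; returns 0 only if usable as a CA file
check_ca_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing: $f"; return 1
    fi
    if [ ! -r "$f" ]; then
        echo "unreadable by $(id -un): $f"; return 2
    fi
    # curl --cacert and the OpenLDAP client tools expect PEM; a certificate
    # exported from Windows is often DER and has no PEM header.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "not PEM: openssl x509 -inform DER -in $f -out ${f%.*}.pem"
        return 3
    fi
    echo "ok: $f"; return 0
}

# build_ldapsearch CAFILE URI BINDDN BASEDN -> prints the command to run next
# LDAPTLS_CACERT points the OpenLDAP client at the CA file for this one call.
build_ldapsearch() {
    printf 'LDAPTLS_CACERT=%s ldapsearch -H %s -x -D "%s" -W -b "%s" -s base\n' \
        "$1" "$2" "$3" "$4"
}

# With a file argument: check it and print the ldapsearch test for the lab.
if [ "$#" -gt 0 ]; then
    check_ca_file "$1" && build_ldapsearch "$1" ldaps://srvad.lab.local:636 \
        'binduser@lab.local' 'dc=lab,dc=local'
fi
```

Run it as the account the Keystone service runs under, since a file readable by root can still be unreadable to the service.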