How to configure Keystone with OpenLDAP + Horizon on Grizzly
I have enabled LDAP with Keystone and Horizon, but it always returns the following error. Has anyone succeeded with the above setup?
2013-05-19 15:21:23 ERROR [root] 'domain_id'
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 82, in authenticate
    core.validate_auth_info(self, context, user_ref, tenant_ref)
  File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in validate_auth_info
    user_ref['domain_id'])
KeyError: 'domain_id'
2013-05-19 15:21:23 DEBUG [keystone.common.wsgi] {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'domain_id'", "code": 500, "title": "Internal Server Error"}}
I don't understand the purpose of the group_tree_dn attribute in keystone.conf. Is it a must to enable it?
My Keystone config is as follows:
==============================================================================
url = ldap://192.168.1.111
user = cn=admin,dc=example,dc=com
password = secret
suffix = cn=example,cn=com
use_dumb_member = False
tree_dn = dc=example,dc=com
user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = sn
user_pass_attribute = userPassword
user_allow_create = True
user_allow_update = True
user_enabled_attribute = enabled
user_enabled_default = True
user_domain_id_attribute = None
tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_domain_id_attribute = None
tenant_allow_create = True
tenant_allow_update = True
role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = groupOfNames
role_member_attribute = member
role_id_attribute = cn
role_name_attribute = ou
role_allow_create = True
role_allow_update = True
==============================================
What am I doing wrong?
My LDAP config is as follows:
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: c2VjcmV0

dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Tenants,dc=example,dc=com
ou: tenants
objectClass: organizationalUnit

dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: demo@example.com
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: c2VjcmV0

dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Role
member: cn=demo,ou=Users,dc=example,dc=com

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com
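The [ldap] options and the directory data quoted in the question can be checked against each other offline before touching Keystone or Horizon. The script below is an added example, not part of the original question and not Keystone's own validation logic: it parses a keystone.conf [ldap] fragment and an LDIF export (both constructed here from the values in the question, abridged to the entries Keystone would map) and reports where the *_tree_dn, *_objectclass and *_id_attribute / *_name_attribute settings do not line up with what the directory actually contains, whether suffix agrees with tree_dn, and which users carry no user_enabled_attribute so that user_enabled_default decides for them. Which checks are worth running is an assumption of this example; its findings describe config/directory mismatches and do not by themselves explain the 'domain_id' traceback.

```python
"""Offline sanity check: does a Keystone [ldap] section agree with the LDAP
tree it points at?  Added example; not code from the question or from Keystone."""
import base64
import configparser
import re

# Constructed sample: the [ldap] options from the question that the check reads.
KEYSTONE_CONF = """
[ldap]
suffix = cn=example,cn=com
tree_dn = dc=example,dc=com
user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = sn
user_enabled_attribute = enabled
tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_name_attribute = ou
role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = groupOfNames
role_id_attribute = cn
role_name_attribute = ou
"""

# Constructed sample: the user, role and tenant entries from the question's LDIF.
SAMPLE_LDIF = """
dn: cn=demo,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: demo
sn: demo
uid: demo
userPassword:: c2VjcmV0

dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
cn: admin
member: cn=demo,ou=Users,dc=example,dc=com

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
member: cn=demo,ou=Users,dc=example,dc=com
"""

_LDIF_LINE = re.compile(r"^([A-Za-z][\w-]*)(::?) ?(.*)$")


def parse_ldif(text):
    """Parse a minimal LDIF dump into {dn: {attr_lowercase: [values]}}.
    Handles 'attr:: base64' values; no line folding or changetype support."""
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            m = _LDIF_LINE.match(line)
            if not m or line.startswith("#"):
                continue
            attr, sep, val = m.group(1).lower(), m.group(2), m.group(3)
            if sep == "::":
                val = base64.b64decode(val).decode("utf-8")
            if attr == "dn":
                dn = val
            else:
                attrs.setdefault(attr, []).append(val)
        if dn:
            entries[dn] = attrs
    return entries


def check_ldap_mapping(conf_text, ldif_text):
    """Return a list of findings (strings); an empty list means the mapping is consistent."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    ldap = cp["ldap"]
    entries = parse_ldif(ldif_text)
    findings = []

    # 1. The search base (suffix) must be the tree the *_tree_dn values live under.
    if ldap["suffix"].lower() != ldap["tree_dn"].lower():
        findings.append("suffix %r does not match tree_dn %r" % (ldap["suffix"], ldap["tree_dn"]))

    # 2. Every object of the configured objectClass under the configured subtree
    #    must carry the attributes Keystone is told to read as id and name.
    for kind in ("user", "tenant", "role"):
        subtree = ldap["%s_tree_dn" % kind].lower()
        oc = ldap["%s_objectclass" % kind].lower()
        wanted = {f: ldap["%s_%s_attribute" % (kind, f)].lower() for f in ("id", "name")}
        matched = 0
        for dn, attrs in entries.items():
            if not dn.lower().endswith("," + subtree):
                continue
            if oc not in [v.lower() for v in attrs.get("objectclass", [])]:
                continue
            matched += 1
            for field, attr in wanted.items():
                if attr not in attrs:
                    findings.append("%s entry %s has no %r attribute (%s_%s_attribute)"
                                    % (kind, dn, attr, kind, field))
        if matched == 0:
            findings.append("no %s objects (objectClass %s) under %s" % (kind, oc, subtree))

    # 3. Users without the enabled attribute all fall back to user_enabled_default.
    enabled_attr = ldap.get("user_enabled_attribute", "").lower()
    if enabled_attr:
        user_tree = ldap["user_tree_dn"].lower()
        for dn, attrs in entries.items():
            if dn.lower().endswith("," + user_tree) and enabled_attr not in attrs:
                findings.append("user %s has no %r attribute; user_enabled_default decides whether it can log in"
                                % (dn, enabled_attr))
    return findings


if __name__ == "__main__":
    for finding in check_ldap_mapping(KEYSTONE_CONF, SAMPLE_LDIF):
        print("-", finding)
```

Run against the question's values the check reports four things: suffix is cn=example,cn=com while tree_dn is dc=example,dc=com; the tenant and role entries carry no ou attribute although tenant_name_attribute and role_name_attribute are set to ou; and cn=demo has no enabled attribute, so user_enabled_default alone controls its login. Fix the config or the directory until the list is empty, then retest against the live Keystone.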