
Grizzly Keystone reports error code 500 "Internal Server Error" when using keystone user-list via Active Directory server.

asked 2013-04-23 05:52:05 -0500

j2d0024

Hi all,

I have set up OpenStack Grizzly based on https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/master/OpenStack_Grizzly_Install_Guide.rst

My Active Directory server is configured according to https://wiki.openstack.org/wiki/HowtoIntegrateKeystonewithAD. Then I modified keystone.conf to connect to it.

I filled in the attributes the same as in my old keystone.conf, which worked before, but there are more added attributes in the Grizzly keystone.conf which I don't understand. So I just left those attributes in the config.

Now the commands keystone endpoint-list and keystone service-list are OK. But I still cannot get user-list, role-list, tenant-list in the Grizzly version. However, it works in the old version.

Here is my keystone.conf after modifying for ldap:

[DEFAULT]
admin_token = ADMIN
log_file = keystone.log
log_dir = /var/log/keystone

[sql]
connection = mysql://keystoneUser:keystonePass@10.109.37.144/keystone

[identity]
driver = keystone.identity.backends.ldap.Identity
default_domain_id = default

[trust]
driver = keystone.trust.backends.sql.Trust
enabled = True

[catalog]
driver = keystone.catalog.backends.sql.Catalog

[token]
driver = keystone.token.backends.sql.Token

[policy]
driver = keystone.policy.backends.sql.Policy

[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2

[ssl]

[signing]
token_format = UUID

[ldap]
url = ldap://10.109.37.118:389
user = cn=administrator,cn=User,dc=npt,dc=sd1
password = cj;5xup2iaixlol
suffix = cn=npt,cn=sd1
use_dumb_member = True
allow_subtree_delete = False
dumb_member = cn=administrator,ou=Users,dc=npt,dc=sd1
page_size = 0
alias_dereferencing = default
query_scope = one

user_tree_dn = cn=Users,dc=npt,dc=sd1
user_filter =
user_objectclass = top
#user_domain_id_attribute = businessCategory
user_id_attribute = cn
user_name_attribute = cn
user_mail_attribute = email
user_pass_attribute = userPassword
user_enabled_attribute = enabled
user_enabled_mask = 0
user_enabled_default = True
user_attribute_ignore = tenant_id,tenants
user_allow_create = True
user_allow_update = True
user_allow_delete = True
user_enabled_emulation = False
user_enabled_emulation_dn =

tenant_tree_dn = ou=Tenants,dc=npt,dc=sd1
tenant_filter =
tenant_objectclass = top
tenant_domain_id_attribute = businessCategory
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = cn
tenant_desc_attribute = description
tenant_enabled_attribute = enabled
tenant_attribute_ignore =
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
tenant_enabled_emulation = False
tenant_enabled_emulation_dn =

role_tree_dn = ou=Roles,dc=npt,dc=sd1
role_filter =
role_objectclass = top
role_id_attribute = cn
role_name_attribute = cn
role_name_attribute = ou
role_member_attribute = member
role_attribute_ignore =
role_allow_create = True
role_allow_update = True
role_allow_delete = True

group_tree_dn =
group_filter =
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = ou
group_member_attribute = member
group_desc_attribute = desc
group_attribute_ignore =
group_allow_create = True
group_allow_update = True
group_allow_delete = True

[auth]
methods = password,token
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token

[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory

[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

[filter:user_crud_extension]
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory

[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory

[filter:url_normalize]
paste.filter_factory = keystone.middleware:NormalizingFilter.factory

[filter:sizelimit]
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory

[filter:stats_monitoring]
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory

[filter:stats_reporting]
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory

[filter:access_log]
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory

[app:public_service] paste ... (more)


2 answers


answered 2013-04-29 08:46:35 -0500

j2d0024

Hi Andre:

Thank you for your help. I changed my config and restarted keystone. Keystone can work correctly.

Thank you.


answered 2013-04-26 21:53:19 -0500

Within your config, you have:

[ldap]
url = ldap://10.109.37.118:389
user = cn=administrator,cn=User,dc=npt,dc=sd1
dumb_member = cn=administrator,ou=Users,dc=npt,dc=sd1

The dumb_member DN should be: cn=administrator,cn=User,dc=npt,dc=sd1

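The comparison the answer above makes by eye, as an added example (not part of the original post and not Keystone code): it parses the [ldap] section and compares dumb_member with the bind user DN one RDN at a time. The names split_dn and check_dumb_member and the sample text are constructed for illustration; treating the bind user as the intended dumb_member follows the answer's fix and is an assumption, not a Keystone rule.

```python
import configparser
import re

# Constructed sample: the [ldap] options quoted in the answer.
SAMPLE_CONF = """
[ldap]
url = ldap://10.109.37.118:389
user = cn=administrator,cn=User,dc=npt,dc=sd1
use_dumb_member = True
dumb_member = cn=administrator,ou=Users,dc=npt,dc=sd1
"""

def split_dn(dn):
    """Split a DN into normalized (attribute, value) RDN pairs.

    Splits on commas that are not backslash-escaped, trims whitespace and
    lower-cases both sides. Multi-valued RDNs (a=1+b=2) are not handled.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def check_dumb_member(conf_text):
    """Compare [ldap] dumb_member with the bind user DN, RDN by RDN."""
    # strict=False: tolerate options that appear twice (last one wins).
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    section = cp["ldap"]
    if not section.getboolean("use_dumb_member", fallback=False):
        return []  # dumb_member is unused, nothing to check
    raw = section.get("dumb_member", fallback="")
    if not raw.strip():
        return ["use_dumb_member is True but dumb_member is empty"]
    member, bind = split_dn(raw), split_dn(section["user"])
    findings = [
        f"RDN {i}: dumb_member has {m[0]}={m[1]}, bind user has {b[0]}={b[1]}"
        for i, (m, b) in enumerate(zip(member, bind), start=1)
        if m != b
    ]
    if len(member) != len(bind):
        findings.append(f"DN depth differs: {len(member)} vs {len(bind)} RDNs")
    return findings

if __name__ == "__main__":
    for finding in check_dumb_member(SAMPLE_CONF):
        print(finding)
```

An empty result only means the two DNs match textually; whether the entry exists in the directory still has to be confirmed against the LDAP server.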


Stats

Asked: 2013-04-23 05:52:05 -0500

Seen: 146 times

Last updated: Apr 29 '13