Ask Your Question
0

Grizzly Keystone report error Code 500 "Internal Server Error" when using keystone user-list via Active Directory server.

asked 2013-04-23 05:52:05 -0600

j2d0024 gravatar image

Hi all,

I have set up OpenStack Grizzly that depended on https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/master/OpenStack_Grizzly_Install_Guide.rst (https://github.com/mseknibilel/OpenSt...)

My active directory server is determined by https://wiki.openstack.org/wiki/HowtoIntegrateKeystonewithAD (https://wiki.openstack.org/wiki/Howto...) . And then I modify the keystone.conf to connect with that.

I fill the attribute as the same as my old keystone.conf which is work before. but there are more added attributes which I don't understand in keystone.conf of Grizzly. So I just leave those attributes there in config.

Now the command keystone endpoint-list, keystone service-list are ok. But I still cannot get user-list, role-list, tenant-list at verison Grizzly. However it is work at old version.

Here is my keystone.conf after modifying for ldap:

[DEFAULT] admin_token = ADMIN log_file = keystone.log log_dir = /var/log/keystone

[sql] connection = mysql://keystoneUser:keystonePass@10.109.37.144/keystone

[identity] driver = keystone.identity.backends.ldap.Identity

default_domain_id = default

[trust] driver = keystone.trust.backends.sql.Trust

enabled = True

[catalog] driver = keystone.catalog.backends.sql.Catalog

[token] driver = keystone.token.backends.sql.Token

[policy] driver = keystone.policy.backends.sql.Policy

[ec2] driver = keystone.contrib.ec2.backends.sql.Ec2

[ssl]

[signing] token_format = UUID

[ldap] url = ldap://10.109.37.118:389 user = cn=administrator,cn=User,dc=npt,dc=sd1 password = cj;5xup2iaixlol suffix = cn=npt,cn=sd1 use_dumb_member = True allow_subtree_delete = False dumb_member = cn=administrator,ou=Users,dc=npt,dc=sd1

page_size = 0

alias_dereferencing = default

query_scope = one

user_tree_dn = cn=Users,dc=npt,dc=sd1 user_filter = user_objectclass = top #user_domain_id_attribute = businessCategory user_id_attribute = cn user_name_attribute = cn user_mail_attribute = email

user_pass_attribute = userPassword

user_enabled_attribute = enabled

user_enabled_mask = 0

user_enabled_default = True

user_attribute_ignore = tenant_id,tenants

user_allow_create = True

user_allow_update = True

user_allow_delete = True

user_enabled_emulation = False

user_enabled_emulation_dn =

tenant_tree_dn = ou=Tenants,dc=npt,dc=sd1

tenant_filter =

tenant_objectclass = top

tenant_domain_id_attribute = businessCategory

tenant_id_attribute = cn tenant_member_attribute = member tenant_name_attribute = cn tenant_desc_attribute = description tenant_enabled_attribute = enabled

tenant_attribute_ignore =

tenant_allow_create = True tenant_allow_update = True tenant_allow_delete = True

tenant_enabled_emulation = False

tenant_enabled_emulation_dn =

role_tree_dn = ou=Roles,dc=npt,dc=sd1

role_filter =

role_objectclass = top role_id_attribute = cn role_name_attribute = cn

role_name_attribute = ou

role_member_attribute = member

role_attribute_ignore =

role_allow_create = True role_allow_update = True role_allow_delete = True

group_tree_dn =

group_filter =

group_objectclass = groupOfNames

group_id_attribute = cn

group_name_attribute = ou

group_member_attribute = member

group_desc_attribute = desc

group_attribute_ignore =

group_allow_create = True

group_allow_update = True

group_allow_delete = True

[auth] methods = password,token password = keystone.auth.plugins.password.Password token = keystone.auth.plugins.token.Token

[filter:debug] paste.filter_factory = keystone.common.wsgi:Debug.factory

[filter:token_auth] paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

[filter:admin_token_auth] paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[filter:xml_body] paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

[filter:json_body] paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

[filter:user_crud_extension] paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory

[filter:crud_extension] paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

[filter:ec2_extension] paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

[filter:s3_extension] paste.filter_factory = keystone.contrib.s3:S3Extension.factory

[filter:url_normalize] paste.filter_factory = keystone.middleware:NormalizingFilter.factory

[filter:sizelimit] paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory

[filter:stats_monitoring] paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory

[filter:stats_reporting] paste.filter_factory = keystone.contrib.stats:StatsExtension.factory

[filter:access_log] paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory

[app:public_service] paste ... (more)

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by » oldest newest most voted
0

answered 2013-04-29 08:46:35 -0600

j2d0024 gravatar image

Hi Andre:

Thank you for help. I changed my config and restarted keystone. Keystone can work correctly.

Thank you.

edit flag offensive delete link more
add a comment
0

answered 2013-04-26 21:53:19 -0600

andre-stephens gravatar image

Within your config, you have:

[ldap] url = ldap://10.109.37.118:389 user = cn=administrator,cn=User,dc=npt,dc=sd1 dumb_member = cn=administrator,ou=Users,dc=npt,dc=sd1

The dumb_member DN should be: cn=administrator,cn=User,dc=npt,dc=sd1

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2013-04-23 05:52:05 -0600

Seen: 188 times

Last updated: Apr 29 '13

Related questions

How to use keystone API extenstion to send a JSON format request “add global role to user ”?

Global and private endpoints on 2012.1

How to change keystone policy?

keystone not following config file

Keystone stopped working

Openstack resource integration

CPU and Instance Limit

deleted admin role by accident

How to run unit test?

"An error occurred authenticating. Please try again later." [closed]