How can I set up authentication via Atlassian Crowd [closed]
Hi
OpenStack Version: Grizzly running on Ubuntu
I am trying to set up authentication from the Dashboard using Atlassian Crowd. Here are the relevant sections of the keystone.conf file:
[identity]
driver = keystone.identity.backends.ldap.Identity
[ldap]
url = <url>
user = admin dc=Manager,dc=example,dc=com
password = ****
suffix = cn=example,cn=com
use_dumb_member = False
allow_subtree_delete = False
dumb_member = cn=dumb,dc=example,dc=com
# Maximum results per page; a value of zero ('0') disables paging (default)
page_size = 0
# The LDAP dereferencing option for queries. This can be either 'never',
# 'searching', 'always', 'finding' or 'default'. The 'default' option falls
# back to using default dereferencing configured by your ldap.conf.
alias_dereferencing = default
# The LDAP scope for queries, this can be either 'one'
# (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree)
query_scope = one
user_tree_dn = ou=Users,dc=example,dc=com
user_filter =
user_objectclass = inetOrgPerson
user_domain_id_attribute = businessCategory
user_id_attribute = cn
user_name_attribute = sn
user_mail_attribute = email
user_pass_attribute = userPassword
user_enabled_attribute = enabled
user_enabled_mask = 0
user_enabled_default = True
user_attribute_ignore = tenant_id,tenants
user_allow_create = True
user_allow_update = True
user_allow_delete = True
user_enabled_emulation = False
user_enabled_emulation_dn =
tenant_tree_dn = ou=Groups,dc=example,dc=com
tenant_filter =
tenant_objectclass = groupOfNames
tenant_domain_id_attribute = businessCategory
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_desc_attribute = desc
tenant_enabled_attribute = enabled
tenant_attribute_ignore =
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
tenant_enabled_emulation = False
tenant_enabled_emulation_dn =
role_tree_dn = ou=Roles,dc=example,dc=com
role_filter =
role_objectclass = organizationalRole
role_id_attribute = cn
role_name_attribute = ou
role_member_attribute = roleOccupant
role_attribute_ignore =
role_allow_create = True
role_allow_update = True
role_allow_delete = True
group_tree_dn =
group_filter =
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = ou
group_member_attribute = member
group_desc_attribute = desc
group_attribute_ignore =
group_allow_create = True
group_allow_update = True
group_allow_delete = True
I only need to configure access through the dashboard.
Can anyone give me an example of the steps required?
You may want to post your keystone [ldap] section with passwords blanked out. That should help with figuring out what is causing the error. It could be a search string or an option misconfigured.
Thanks. I have uncommented everything in the ldap section, and I now get connection refused. I have pasted the ldap section of the keystone.conf file. I can't see where I am supposed to add the Crowd credentials.
Crowd would need to allow you to access it using LDAP, not HTTP. That is probably the issue. I haven't worked with Crowd enough to know if it allows LDAP connections:
url = https://sb-rtdi-crowd-01.build.sec.sa...
Would be
url = ldap://sb-rtdi-crowd-01.build.sec.safran/crowd
You probably can't use Crowd as a backend for Keystone using LDAP. You would need a plugin that may not exist.
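A pre-flight check for the point made in the answer above (the Keystone LDAP driver needs an LDAP URL, not an HTTP one), as an added example that is not part of the original thread or of Keystone. The names `check_ldap_section` and `is_dn`, the `crowd.example.com` host and the sample config are constructed for illustration; the DN and suffix checks are heuristics.

```python
import configparser
from urllib.parse import urlparse

LDAP_SCHEMES = {"ldap", "ldaps", "ldapi"}  # LDAP URL schemes

# Constructed sample, modelled on the [ldap] section posted in the question.
SAMPLE = """
[ldap]
url = https://crowd.example.com/crowd
user = admin dc=Manager,dc=example,dc=com
suffix = cn=example,cn=com
user_tree_dn = ou=Users,dc=example,dc=com
"""


def is_dn(value):
    """Rough DN syntax check: every comma-separated RDN looks like attr=value."""
    for rdn in value.split(","):
        attr, sep, val = rdn.strip().partition("=")
        if not sep or not attr or " " in attr or not val:
            return False
    return True


def check_ldap_section(text):
    """Return a list of findings for the [ldap] section of a keystone.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("ldap"):
        return ["no [ldap] section"]
    ldap, findings = cp["ldap"], []
    scheme = urlparse(ldap.get("url", "")).scheme.lower()
    if scheme not in LDAP_SCHEMES:
        findings.append("url: scheme %r is not an LDAP URL" % scheme)
    elif scheme == "ldap":
        findings.append("url: ldap:// carries the bind password unencrypted "
                        "unless TLS is negotiated")
    if not is_dn(ldap.get("user", "")):
        findings.append("user: bind account is missing or not a well-formed DN")
    # Heuristic: a tree DN that does not end with the suffix is usually a typo.
    suffix = ldap.get("suffix", "").replace(" ", "").lower()
    for key in ("user_tree_dn", "tenant_tree_dn", "role_tree_dn"):
        tree = ldap.get(key, "").replace(" ", "").lower()
        if tree and suffix and not tree.endswith(suffix):
            findings.append("%s: not under suffix %s" % (key, ldap["suffix"]))
    return findings


if __name__ == "__main__":
    for finding in check_ldap_section(SAMPLE):
        print(finding)
```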