Active Directory Authentication, cannot find CN=Organizational-Role

asked 2014-03-31 08:36:22 -0600

c0nsaw gravatar image

updated 2014-09-05 17:00:38 -0600

smaffulli gravatar image

Hey folks, Im trying to follow the procedure for allowing AD logins for openstack. I have setup a samba 4 AD DC on CentOS, I was hoping to authenticate Openstack logins through this. This is a college project, nothing production related, so a single basic user login through this method would suffice.

There is no “CN=Organizational-Role” to open. I have successfully bound a server to my new domain. So I know it is working as far as I can tell, any ideas, please see screen cap attached in the link.


  1. In ADSI Edit go to schema

  2. Open CN=Organizational-Role

  3. In attribute editor edit possSuperiors

  4. Add groupOfNames in the values and click OK


edit retag flag offensive close merge delete


Which guide are you following? It is much easier to use AD for Identity and SQL for assignment. Then you aren't making changes against the directory to allow for tenants/roles.

mpetason gravatar imagempetason ( 2014-03-31 08:43:56 -0600 )edit

Hey, I was using this (

c0nsaw gravatar imagec0nsaw ( 2014-03-31 10:28:02 -0600 )edit

If you get stuck on anything, this is actually helpful as well:

mpetason gravatar imagempetason ( 2014-03-31 10:44:00 -0600 )edit

Nice one, cheers pal :)

c0nsaw gravatar imagec0nsaw ( 2014-03-31 14:16:08 -0600 )edit

1 answer

Sort by » oldest newest most voted

answered 2014-03-31 10:40:31 -0600

c0nsaw gravatar image

updated 2014-03-31 14:22:41 -0600

The issue has been resolved, after I ran the 5 years of windows 2008 r2 updates :-p Organizational-Role is now visible

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-03-31 08:36:22 -0600

Seen: 513 times

Last updated: Sep 05 '14