Hi,

I want to integrate the keystone with active directory, have followed below document to configure AD integration.

http://behindtheracks.com/2013/08/ope...

Have edited the schema as mentioned in document.

Below is my keystone configuration file, After configuration of keystone integration with AD I'm getting error logs which is pasted below and Keystone service is not starting.

**Keystone.conf**
[identity]
#driver = keystone.identity.backends.sql.Identity
driver = keystone.identity.backends.ldap.Identity

[ldap]
query_scope = sub
url = ldap://10.37.6.217
user = cn=ldapuser,cn=Users,dc=example,dc=com
password = password@123
suffix = dc=brocadestack,dc=com
use_dumb_member = True
#dumb_member = cn=ldapuser,cn=Users,dc=example,dc=com

user_tree_dn = cn=Users,dc=example,dc=com
user_objectclass = organizationalPerson
user_id_attribute = sAMAccountName
user_name_attribute = cn
user_mail_attribute = mail
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
user_attribute_ignore = password,tenant_id,tenants
user_allow_create = True
user_allow_update = True
user_allow_delete = True

tenant_tree_dn = ou=Projects,ou=OpenStack,dc=example,dc=com
tenant_objectclass = organizationalUnit
tenant_id_attribute = ou
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_desc_attribute = description
tenant_enabled_attribute = extensionName
tenant_attribute_ignore = description,businessCategory,extensionName
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True

role_tree_dn = ou=Roles,ou=OpenStack,dc=example,dc=com
role_objectclass = organizationalRole
role_id_attribute = cn
role_name_attribute = ou
role_member_attribute = roleOccupant
role_allow_create = True
role_allow_update = True
role_allow_delete = True

root@controller:/var/log/keystone# service keystone status
keystone stop/waiting

**Keystone.log**
root@controller:/var/log/keystone# tail keystone.log
2014-05-07 11:27:48.177 13469 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:48.273 13469 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:48.508 13474 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:48.604 13474 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:48.830 13482 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:48.923 13482 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:49.157 13490 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:49.251 13490 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:49.481 13495 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:49.576 13495 CRITICAL keystone [-] No module named ldap

# keystone user-list

root@controller:/var/log/keystone# keystone user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
<attribute 'message' of 'exceptions.BaseException' objects> (HTTP Unable to establish connection to http://controller:35357/v2.0/users)

Has any one face this issue please share me the how this is done.

Thanks, Arun.