Active directory integration issue
Hi,
I want to integrate Keystone with Active Directory, and have followed the document below to configure AD integration.
http://behindtheracks.com/2013/08/ope...
I have edited the schema as mentioned in the document.
Below is my Keystone configuration file. After configuring Keystone integration with AD, I'm getting the error logs pasted below, and the Keystone service is not starting.
**Keystone.conf**
[identity]
#driver = keystone.identity.backends.sql.Identity
driver = keystone.identity.backends.ldap.Identity
[ldap]
query_scope = sub
url = ldap://10.37.6.217
user = cn=ldapuser,cn=Users,dc=example,dc=com
password = password@123
suffix = dc=brocadestack,dc=com
use_dumb_member = True
#dumb_member = cn=ldapuser,cn=Users,dc=example,dc=com
user_tree_dn = cn=Users,dc=example,dc=com
user_objectclass = organizationalPerson
user_id_attribute = sAMAccountName
user_name_attribute = cn
user_mail_attribute = mail
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
user_attribute_ignore = password,tenant_id,tenants
user_allow_create = True
user_allow_update = True
user_allow_delete = True
tenant_tree_dn = ou=Projects,ou=OpenStack,dc=example,dc=com
tenant_objectclass = organizationalUnit
tenant_id_attribute = ou
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_desc_attribute = description
tenant_enabled_attribute = extensionName
tenant_attribute_ignore = description,businessCategory,extensionName
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
role_tree_dn = ou=Roles,ou=OpenStack,dc=example,dc=com
role_objectclass = organizationalRole
role_id_attribute = cn
role_name_attribute = ou
role_member_attribute = roleOccupant
role_allow_create = True
role_allow_update = True
role_allow_delete = True
root@controller:/var/log/keystone# service keystone status
keystone stop/waiting
**Keystone.log**
root@controller:/var/log/keystone# tail keystone.log
2014-05-07 11:27:48.177 13469 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:48.273 13469 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:48.508 13474 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:48.604 13474 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:48.830 13482 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:48.923 13482 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:49.157 13490 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:49.251 13490 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:49.481 13495 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:49.576 13495 CRITICAL keystone [-] No module named ldap
# keystone user-list
root@controller:/var/log/keystone# keystone user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
<attribute 'message' of 'exceptions.BaseException' objects> (HTTP Unable to establish connection to http://controller:35357/v2.0/users)
Has anyone faced this issue? Please share how this is done.
Thanks, Arun.
Need similar reports from your system:
[root@dfw02 ~(keystone_admin)]$ systemctl list-units | grep keystone
openstack-keystone.service loaded active running OpenStack Identity Service (code-named Keystone)
[root@dfw02 ~(keystone_admin)]$ ps -aux | grep keystone
keystone 1298 0.0 0.6 396468 51904 ? Ss 08:08 0:02 /usr/bin/python /usr/bin/keystone-all --config-file /usr/share/keystone/keystone-dist.conf --config-file /etc/keystone/keystone.conf
[root@dfw02 ~(keystone_admin)]$ netstat -ntpl | grep 1298
tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN 1298/python
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 1298/python
Below is the output of the above commands.
root@controller:~# systemctl list-units | grep keystone
Failed to get D-Bus connection: No connection to service manager.
root@controller:~# ps -aux | grep keystone
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root 16700 0.0 0.0 9392 940 pts/14 S+ 18:49 0:00 grep --color=auto keystone
root@controller:~# netstat -ntpl | grep 1298
root@controller:~#
Thanks
OK. One more time. It's not Fedora, Ubuntu I guess. Your commands are different from mine.
Check on your system:
$ service openstack-keystone status
$ ps -ef | grep keystone
It will give you the process id (if the keystone service is RUNNING). You are supposed to get a real number - xxxxxx.
Then run with your value of xxxxxxx:
$ netstat -lntp | grep xxxxxxx
Yes, you are right, it is on Ubuntu.
The Keystone service is not coming up even if we start it.
root@controller:~# service keystone status
keystone stop/waiting
root@controller:~# ps -ef | grep keystone
root 16728 14198 0 19:39 pts/14 00:00:00 grep --color=auto keystone
root@controller:~# netstat -lntp | grep 16728
root@controller:~# netstat -lntp | grep 14198
I got the above output for ps -ef; if I do netstat, it does not give any output because the keystone service is stopped.
Thanks for the reply.
The first thing to do is bring the keystone service back to life. What does /var/log/keystone/keystone.log say?
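An added example, not part of any post in this thread: a small triage script for the keystone.log format shown in the question. It groups CRITICAL lines by PID to show that the service is dying on every start and pulls out the Python module named in the import error. The function names `triage` and `importable` are hypothetical, and the sample lines are constructed from the excerpt above.

```python
import re
from collections import OrderedDict

# Constructed sample in the format of the keystone.log excerpt in the question.
SAMPLE_LOG = """\
2014-05-07 11:27:48.177 13469 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:48.273 13469 CRITICAL keystone [-] No module named ldap
2014-05-07 11:27:48.508 13474 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-05-07 11:27:48.604 13474 CRITICAL keystone [-] No module named ldap
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
    r"(?P<level>[A-Z]+) (?P<logger>\S+) \[[^\]]*\] (?P<msg>.*)$")
MISSING_RE = re.compile(r"No module named '?([\w.]+)'?")

def triage(log_text):
    """Summarise CRITICAL startup failures: PIDs, missing modules, restart loop."""
    failed, missing = OrderedDict(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("level") != "CRITICAL":
            continue
        failed[m.group("pid")] = m.group("msg")  # one entry per process that died
        mod = MISSING_RE.search(m.group("msg"))
        if mod and mod.group(1) not in missing:
            missing.append(mod.group(1))
    return {"failed_pids": list(failed), "missing_modules": missing,
            "restart_loop": len(failed) > 1}

def importable(module_name):
    """True if the interpreter running this script can import the module."""
    try:
        __import__(module_name)
        return True
    except ImportError:
        return False

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report)
    for mod in report["missing_modules"]:
        print("%s importable by this interpreter: %s" % (mod, importable(mod)))
```

The `importable` result only means something when the script is run with the same Python interpreter that launches keystone, since the LDAP identity driver selected in keystone.conf is loaded by that interpreter.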