"An error occurred authenticating. Please try again later." on authentication with ldap configuration. [closed]
This is on icehouse.
o Trying to get /var/log/keystone/keystone.log (permissions are to root) to work but not successful.
o SQL works on this single node for keystone.
Error: An error occurred authenticating. Please try again later.
================ See keystone.conf below:
[DEFAULT]
admin_token = admin_pass
admin_bind_host = x.x.x.x
admin_endpoint = http://x.x.x.x:%(admin_port)s/
public_endpoint = http://x.x.x.x:%(public_port)s/
########################################################
log_file = /var/log/keystone/keystone.log
debug = True
verbose = True
########################################################
[identity]
#driver = keystone.identity.backends.sql.Identity
driver = keystone.identity.backends.ldap.Identity
[ldap]
url=ldap://mycorporateserver.xxx:port_number
user = dc=Manager,dc=example,dc=org
password = samplepassword
suffix = dc=example,dc=org
use_dumb_member = False
allow_subtree_delete = False
user_tree_dn = ou=Users,dc=example,dc=org
user_objectclass = inetOrgPerson
tenant_tree_dn = ou=Groups,dc=example,dc=org
tenant_objectclass = groupOfNames
role_tree_dn = ou=Roles,dc=example,dc=org
role_objectclass = organizationalRole
user_objectclass = person
user_allow_create = False
user_allow_update = False
user_allow_delete = False
tenant_allow_create = False
tenant_allow_update = False
tenant_allow_delete = False
role_allow_create = False
role_allow_update = False
role_allow_delete = False
user_filter = (memberof=cn=openstack-users,ou=workgroups,dc=example,dc=org)
tenant_filter =
role_filter =
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
# everything else in keystone.conf was as pulled from github.
===============================
Original keystone.conf that works
[DEFAULT]
admin_token = admin_pass
admin_bind_host = x.x.x.x
admin_endpoint = http://x.x.x.x:%(admin_port)s/
public_endpoint = http://x.x.x.x:%(public_port)s/
#
# Options defined in keystone
#
# A "shared secret" that can be used to bootstrap Keystone.
# This "token" does not represent a user, and carries no
# explicit authorization. To disable in production (highly
# recommended), remove AdminTokenAuthMiddleware from your
# paste application pipelines (for example, in keystone-
# paste.ini). (string value)
#admin_token=ADMIN
# The IP Address of the network interface to for the public
# service to listen on. (string value)
# Deprecated group/name - [DEFAULT]/bind_host
#public_bind_host=0.0.0.0
# The IP Address of the network interface to for the admin
# service to listen on. (string value)
# Deprecated group/name - [DEFAULT]/bind_host
#admin_bind_host=0.0.0.0
# The port which the OpenStack Compute service listens on.
# (integer value)
#compute_port=8774
# The port number which the admin service listens on. (integer
# value)
#admin_port=35357
# The port number which the public service listens on.
# (integer value)
#public_port=5000
# The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value).
# Defaults to the base host URL of the request. Eg a
# request to http://server:5000/v2.0/users will
# default to http://server:5000. You should only need
# to set this value if the base URL contains a path
# (eg /prefix/v2.0) or the endpoint should be found on
# a different server.
#public_endpoint=http://localhost:%(public_port)s/
# The base admin endpoint URL for keystone that are advertised
# to clients (NOTE: this does NOT affect how keystone listens
# for connections) (string value).
# Defaults to the base host URL of the request. Eg a
# request to http://server:35357/v2.0/users will
# default to http://server:35357. You should only need
# to set this ...
o python-ldap installed before testing.
o restarted keystone server after config change.
Would appreciate hints on how to get logging working on keystone.
The keystone.conf was changed and service keystone restart done.
Following these procedures from http://openstack.org
http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html
What errors are you getting?
Add details in the question, not comments: makes the question more readable.
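Two things in the posted configuration can be checked mechanically: user_objectclass is set twice in [ldap] with different values, and the log file is owned by root. The following is an added example, not part of the original post or of keystone; the function names are hypothetical, the sample text is constructed from the options quoted above, and it assumes the service runs under a non-root account whose uid and gid the caller supplies.

```python
import os
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the options quoted in the question.
SAMPLE_CONF = """\
[DEFAULT]
log_file = /var/log/keystone/keystone.log
[ldap]
user_tree_dn = ou=Users,dc=example,dc=org
user_objectclass = inetOrgPerson
tenant_objectclass = groupOfNames
user_objectclass = person
tenant_filter =
"""

def find_duplicate_options(text):
    """Return {(section, option): [values]} for options set more than once."""
    seen = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1)
            continue
        if "=" in line and section is not None:
            key, value = line.split("=", 1)
            seen[(section, key.strip())].append(value.strip())
    return {k: v for k, v in seen.items() if len(v) > 1}

def log_file_problem(path, uid, gid):
    """Say why a process running as uid/gid cannot write path, or return None.

    Simplified: looks only at the owner/group/other write bit of the file
    (or of its directory when the file does not exist yet) and ignores
    supplementary groups and ACLs.
    """
    target = path if os.path.exists(path) else (os.path.dirname(path) or ".")
    if not os.path.exists(target):
        return "missing directory: %s" % target
    st = os.stat(target)
    shift = 6 if st.st_uid == uid else 3 if st.st_gid == gid else 0
    if uid == 0 or (st.st_mode >> shift) & 0o2:
        return None
    return "%s (owner uid %d, mode %o) is not writable by uid %d" % (
        target, st.st_uid, st.st_mode & 0o777, uid)
```

Run find_duplicate_options() on the contents of the real keystone.conf, and log_file_problem() with the log_file path and the uid and gid of the account the keystone service runs as.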