This is on icehouse.

o Trying to get /var/log/keystone/keystone.log (permissons are to root) to work but not successful.

o SQL works on this single node for keystone.

Error: An error occurred authenticating. Please try again later.

================ See keystone.conf below:

[DEFAULT]
admin_token = admin_pass
admin_bind_host = x.x.x.x
admin_endpoint = http://x.x.x.x:%(admin_port)s/
public_endpoint = http://x.x.x.x:%(public_port)s/

########################################################
log_file = /var/log/keystone/keystone.log
debug = True
verbose = True
########################################################


[identity]
#driver = keystone.identity.backends.sql.Identity
driver = keystone.identity.backends.ldap.Identity
[ldap]
url=ldap://mycorporateserver.xxx:port_number
user = dc=Manager,dc=example,dc=org
password = samplepassword
suffix = dc=example,dc=org
use_dumb_member = False
allow_subtree_delete = False

user_tree_dn = ou=Users,dc=example,dc=org
user_objectclass = inetOrgPerson

tenant_tree_dn = ou=Groups,dc=example,dc=org
tenant_objectclass = groupOfNames

role_tree_dn = ou=Roles,dc=example,dc=org
role_objectclass = organizationalRole

user_objectclass = person

user_allow_create = False
user_allow_update = False
user_allow_delete = False

tenant_allow_create = False
tenant_allow_update = False
tenant_allow_delete = False

role_allow_create = False
role_allow_update = False
role_allow_delete = False

user_filter = (memberof=cn=openstack-users,ou=workgroups,dc=example,dc=org)
tenant_filter =
role_filter =


user_enabled_attribute = userAccountControl
user_enabled_mask      = 2
user_enabled_default   = 512
# everything else in keystone.conf was as pulled from github.
===============================
Original keystone.conf that works

[DEFAULT]
admin_token = admin_pass
admin_bind_host = x.x.x.x
admin_endpoint = http://x.x.x.x:%(admin_port)s/
public_endpoint = http://x.x.x.x:%(public_port)s/

#
# Options defined in keystone
#

# A "shared secret" that can be used to bootstrap Keystone.
# This "token" does not represent a user, and carries no
# explicit authorization. To disable in production (highly
# recommended), remove AdminTokenAuthMiddleware from your
# paste application pipelines (for example, in keystone-
# paste.ini). (string value)
#admin_token=ADMIN

# The IP Address of the network interface to for the public
# service to listen on. (string value)
# Deprecated group/name - [DEFAULT]/bind_host
#public_bind_host=0.0.0.0
# The IP Address of the network interface to for the admin
# service to listen on. (string value)
# Deprecated group/name - [DEFAULT]/bind_host
#admin_bind_host=0.0.0.0

# The port which the OpenStack Compute service listens on.
# (integer value)
#compute_port=8774

# The port number which the admin service listens on. (integer
# value)
#admin_port=35357

# The port number which the public service listens on.
# (integer value)
#public_port=5000

# The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value).
# Defaults to the base host URL of the request. Eg a
# request to http://server:5000/v2.0/users will
# default to http://server:5000. You should only need
# to set this value if the base URL contains a path
# (eg /prefix/v2.0) or the endpoint should be found on
# a different server.
#public_endpoint=http://localhost:%(public_port)s/

# The base admin endpoint URL for keystone that are advertised
# to clients (NOTE: this does NOT affect how keystone listens
# for connections) (string value).
# Defaults to the base host URL of the request. Eg a
# request to http://server:35357/v2.0/users will
# default to http://server:35357. You should only need
# to set this ...