
Configure Keystone Ldap Alias

asked 2013-08-12 03:25:59 -0500

neodiz

updated 2014-02-06 17:01:28 -0500

smaffulli

Hello everyone. I need help setting up Keystone LDAP. I cannot log in as the user created in LDAP through an alias. keystone.conf:

[ldap]
url = ldap://192.168.3.28
user = cn=root,dc=kirkazan,dc=ru
password: root_password
suffix = dc=kirkazan,dc=ru
user_tree_dn = ou=users,dc=openstack,dc=kirkazan,dc=ru
user_objectclass = inetOrgPerson
user_domain_id_attribute = businessCategory
user_id_attribute = uid
user_name_attribute = uid
user_mail_attribute = mail
user_pass_attribute = userPassword
user_enabled_attribute = o
# user_enabled_mask = 0
# user_enabled_default = True
user_attribute_ignore = tenant_id,tenants
user_allow_create = False
user_allow_update = False
user_allow_delete = False

Keystone Log

(eventlet.wsgi.server): 2013-08-12 12:03:09,175 DEBUG wsgi write (12178) accepted ('127.0.0.1', 60437)
(keystone.common.wsgi): 2013-08-12 12:03:09,184 DEBUG wsgi __call__ arg_dict: {}
(keystone.common.ldap.core): 2013-08-12 12:03:09,184 DEBUG core __init__ LDAP init: url=ldap://192.168.3.28
(keystone.common.ldap.core): 2013-08-12 12:03:09,185 DEBUG core __init__ LDAP init: use_tls=False
tls_cacertfile=None
tls_cacertdir=None
tls_req_cert=2
tls_avail=1

(keystone.common.ldap.core): 2013-08-12 12:03:09,185 DEBUG core simple_bind_s LDAP bind: dn=cn=root,dc=kirkazan,dc=ru
(keystone.common.ldap.core): 2013-08-12 12:03:09,186 DEBUG core search_s LDAP search: dn=ou=users,dc=openstack,dc=kirkazan,dc=ru, scope=1, query=(&(uid=inurmuhametov)(objectClass=inetOrgPerson)), attrs=['businessCategory', 'userPassword', 'o', 'mail', 'uid']
(keystone.common.ldap.core): 2013-08-12 12:03:09,188 DEBUG core __init__ LDAP init: url=ldap://192.168.3.28
(keystone.common.ldap.core): 2013-08-12 12:03:09,189 DEBUG core __init__ LDAP init: use_tls=False
tls_cacertfile=None
tls_cacertdir=None
tls_req_cert=2
tls_avail=1

(keystone.common.ldap.core): 2013-08-12 12:03:09,189 DEBUG core simple_bind_s LDAP bind: dn=cn=root,dc=kirkazan,dc=ru
(keystone.common.ldap.core): 2013-08-12 12:03:09,190 DEBUG core search_s LDAP search: dn=ou=users,dc=openstack,dc=kirkazan,dc=ru, scope=1, query=(&(uid=inurmuhametov)(objectClass=inetOrgPerson)), attrs=['mail', 'userPassword', 'o', 'businessCategory', 'uid']
(keystone.common.ldap.core): 2013-08-12 12:03:09,192 DEBUG core __init__ LDAP init: url=ldap://192.168.3.28
(keystone.common.ldap.core): 2013-08-12 12:03:09,193 DEBUG core __init__ LDAP init: use_tls=False
tls_cacertfile=None
tls_cacertdir=None
tls_req_cert=2
tls_avail=1

(keystone.common.ldap.core): 2013-08-12 12:03:09,193 DEBUG core simple_bind_s LDAP bind: dn=uid=inurmuhametov,ou=users,dc=openstack,dc=kirkazan,dc=ru
(keystone.common.wsgi): 2013-08-12 12:03:09,194 WARNING wsgi __call__ Authorization failed. Invalid user / password from 127.0.0.1
(access): 2013-08-12 12:03:09,195 INFO core __call__ 127.0.0.1 - - [12/Aug/2013:08:03:09 +0000] "POST http://127.0.0.1:5000/v2.0/tokens HTTP/1.0" 401 87
(eventlet.wsgi.server): 2013-08-12 12:03:09,196 DEBUG wsgi write 127.0.0.1 - - [12/Aug/2013 12:03:09] "POST /v2.0/tokens HTTP/1.1" 401 225 0.020038

User exists:

stack@openstack:~$ keystone user-list
admin     |     admin     |   True ...

1 answer


answered 2014-12-15 00:39:50 -0500

9lives

Per the config guide here http://docs.openstack.org/juno/config... , look at the [ldap] section; there is one option:

alias_dereferencing = default

You might change the default value to one of the following values: "never", "searching", "always", "finding". I think you might try 'searching' first.

Let us know if you resolve this issue.

Hope that helps!

Vic
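
An added example, not part of the answer above and not Keystone's code: a small in-memory model of how the four explicit alias dereferencing modes change a scope=1 search like the one in the question's log. The directory contents, the ou=people location of the real entry and all helper names are constructed, and it assumes the client binds with the DN the search returns.

```python
# Constructed sample directory (DN -> attributes); not the asker's real data.
USER_TREE = "ou=users,dc=openstack,dc=kirkazan,dc=ru"      # user_tree_dn from the question
REAL_DN = "uid=inurmuhametov,ou=people,dc=kirkazan,dc=ru"  # assumed location of the real entry
ALIAS_DN = "uid=inurmuhametov," + USER_TREE
DIT = {
    USER_TREE: {"objectClass": ["organizationalUnit"]},
    ALIAS_DN: {"objectClass": ["alias", "extensibleObject"],
               "uid": ["inurmuhametov"], "aliasedObjectName": [REAL_DN]},
    REAL_DN: {"objectClass": ["inetOrgPerson"], "uid": ["inurmuhametov"],
              "userPassword": ["constructed-secret"]},  # plain compare, for brevity
}

def deref(dn):
    """Follow aliasedObjectName until a non-alias entry is reached."""
    seen = set()
    while "alias" in DIT[dn]["objectClass"]:
        if dn in seen:
            raise ValueError("alias loop at " + dn)
        seen.add(dn)
        dn = DIT[dn]["aliasedObjectName"][0]
    return dn

def search_one_level(base, uid, objectclass, mode):
    """scope=1 search for (&(uid=...)(objectClass=...)) under one deref mode."""
    if mode in ("finding", "always"):        # deref only while locating the base
        base = deref(base)
    hits = []
    for dn in DIT:
        if dn.split(",", 1)[1:] != [base]:   # keep direct children of base only
            continue
        if mode in ("searching", "always"):  # deref aliases inside the scope
            dn = deref(dn)
        entry = DIT[dn]
        if uid in entry.get("uid", []) and objectclass in entry["objectClass"]:
            hits.append(dn)
    return hits

def simple_bind(dn, password):
    """Bind does not dereference aliases: dn must itself hold userPassword."""
    return password in DIT.get(dn, {}).get("userPassword", [])

def authenticate(uid, password, mode):
    """Search for the user, then bind with the DN the search returned (assumption)."""
    hits = search_one_level(USER_TREE, uid, "inetOrgPerson", mode)
    return len(hits) == 1 and simple_bind(hits[0], password)

if __name__ == "__main__":
    for mode in ("never", "finding", "searching", "always"):
        print(mode, authenticate("inurmuhametov", "constructed-secret", mode))
```

In this model only "searching" and "always" return the target entry's DN; with "never" or "finding" the alias entry fails the objectClass=inetOrgPerson filter, and a bind against the alias DN itself also fails.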


Stats

Asked: 2013-08-12 03:25:59 -0500

Seen: 424 times

Last updated: Dec 15 '14