Error:Keystone LDAP Integration through devstack(HAVANA)

asked 2013-12-18 07:03:25 -0600

bubuli gravatar image

updated 2013-12-18 11:08:30 -0600

Hello All, I've installed an openstack development environment through devstack and I wanted to use LDAP with it. To do that, I've added these lines in my localrc file: enable_service ldap KEYSTONE_CLEAR_LDAP=yes KEYSTONE_IDENTITY_BACKEND=ldap LDAP_PASSWORD=password

Then I ran  ./stack.sh
After some time I got this error:`+++ keystone tenant-create --name=alt_demo
++ echo dc33ec21207140da81840a07f88e2d6c
+ ALT_DEMO_TENANT=dc33ec21207140da81840a07f88e2d6c
++ get_id keystone user-create --name=alt_demo --pass=password --email=alt_demo@example.com
+++ awk '/ id / { print $4 }'
+++ keystone user-create --name=alt_demo --pass=password --email=alt_demo@example.com
An unexpected error prevented the server from fulfilling your request. {'desc': 'Invalid credentials'} (HTTP 500)
++ echo
+ ALT_DEMO_USER=
+ keystone user-role-add --tenant-id dc33ec21207140da81840a07f88e2d6c --user-id --role-id 27ead333968541c79611010eed76ef1e
usage: keystone user-role-add --user <user> --role <role> [--tenant <tenant>]
keystone user-role-add: error: argument --user/--user-id/--user_id: expected one argument
++ failed
++ local r=2
+++ jobs -p
++ kill
++ set

This is my keystone configuration file for LDAP ` [identity]
driver = keystone.identity.backends.ldap.Identity
[ldap]
user_tree_dn = ou=Users,dc=openstack,dc=org
user_domain_id_attribute = businessCategory
tenant_tree_dn = ou=Projects,dc=openstack,dc=org
tenant_desc_attribute = description
tenant_domain_id_attribute = businessCategory
tenant_attribute_ignore = enabled
user_attribute_ignore = enabled,email,tenants,default_project_id
use_dumb_member = True
suffix = dc=openstack,dc=org
user = dc=Manager,dc=openstack,dc=org
password = password

Thanks in advance
edit retag flag offensive close merge delete

Comments

it is unable to create the user. I have not done LDAP integration anytime. My suggestion is that first you make the setup works using the keystone and then configure for LDAP etc. This way your troubleshooting will be focused. You can take call on how to proceed.

dheeru gravatar imagedheeru ( 2013-12-18 07:54:57 -0600 )edit

even i am facing the same issue. any feedback will be very helpful.

Mithun gravatar imageMithun ( 2013-12-19 04:31:53 -0600 )edit