Keystone LDAP integration

Hi Guys,

I have an OpenStack Havana installation and we have a requirement to integrate it with LDAP. I have been following the instructions on this page (http://openstack.redhat.com/Keystone_integration_with_IDM) with some success, and can now log in with an alternative "admin" user called "osadmin".

The problem is that within Horizon, I'm greeted with two errors upon login:

Error: Unauthorised: Unable to retrieve usage information.
Error: Unauthorised: Unable to retrieve limit information.

This continues for each of the pages that I click on. On the command line, when I source my creds for "osadmin" I can list users, roles and tenants, but if I try to retrieve a flavor list, I'm not authorised:

root@node-5:~# nova --debug flavor-list

REQ: curl -i http://192.168.0.3:5000/v2.0/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "osadmin", "password": "osadmin"}}}'

INFO (connectionpool:202) Starting new HTTP connection (1): 192.168.0.3
DEBUG (connectionpool:296) "POST /v2.0/tokens HTTP/1.1" 200 2710
RESP: [200] CaseInsensitiveDict({'date': 'Wed, 02 Apr 2014 18:30:55 GMT', 'vary': 'X-Auth-Token', 'content-length': '2710', 'content-type': 'application/json'})
RESP BODY: {"access": {"token": {"issued_at": "2014-04-02T18:30:55.578617", "expires": "2014-04-03T18:30:55Z", "id": "92db3daf37454ca78ebf0d7c247778c5", "tenant": {"enabled": true, "description": "Admin Tenant", "name": "admin", "id": "c4d981b1d47c49d3a4bd8bc467073c40"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://192.168.0.3:8774/v2/c4d981b1d47c49d3a4bd8bc467073c40", "region": "RegionOne", "internalURL": "http://192.168.0.3:8774/v2/c4d981b1d47c49d3a4bd8bc467073c40", "id": "0dfdbe209bda44c9aeb101865fe48dd9", "publicURL": "http://172.16.0.3:8774/v2/c4d981b1d47c49d3a4bd8bc467073c40"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://192.168.0.3:9696", "region": "RegionOne", "internalURL": "http://192.168.0.3:9696", "id": "1747865618ff47b6a068820ed108769d", "publicURL": "http://172.16.0.3:9696"}], "endpoints_links": [], "type": "network", "name": "neutron"}, {"endpoints": [{"adminURL": "http://192.168.0.3:9292", "region": "RegionOne", "internalURL": "http://192.168.0.3:9292", "id": "847f45e1441d4a48ac441141892a00bf", "publicURL": "http://172.16.0.3:9292"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://192.168.0.3:8776/v1/c4d981b1d47c49d3a4bd8bc467073c40", "region": "RegionOne", "internalURL": "http://192.168.0.3:8776/v1/c4d981b1d47c49d3a4bd8bc467073c40", "id": "172c31895c3c4cc8ba617ccd611c545b", "publicURL": "http://172.16.0.3:8776/v1/c4d981b1d47c49d3a4bd8bc467073c40"}], "endpoints_links": [], "type": "volume", "name": "cinder"}, {"endpoints": [{"adminURL": "http://192.168.0.3:8773/services/Admin", "region": "RegionOne", "internalURL": "http://192.168.0.3:8773/services/Cloud", "id": "0df6eee555134ae8b3c96a0a57880e1c", "publicURL": "http://172.16.0.3:8773/services/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "nova_ec2"}, {"endpoints": [{"adminURL": "http://192.168.0.3:8004/v1/c4d981b1d47c49d3a4bd8bc467073c40", "region": "RegionOne", "internalURL": 
"http://192.168.0.3:8004/v1/c4d981b1d47c49d3a4bd8bc467073c40", "id": "1959faa1878243d7b8e60a68b8a3fd1f", "publicURL": "http://172.16.0.3:8004/v1/c4d981b1d47c49d3a4bd8bc467073c40"}], "endpoints_links": [], "type": "orchestration", "name": "heat"}, {"endpoints": [{"adminURL": "http://192.168.0.3:35357/v2.0", "region": "RegionOne", "internalURL": "http://192.168.0.3:5000/v2.0", "id": "0694e4371eaa457eb11cbc5d5556e94b", "publicURL": "http://172.16.0.3:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], "user": {"username": "osadmin", "roles_links": [], "id": "osadmin", "roles": [{"name": "admin"}], "name": "osadmin"}, "metadata": {"is_admin": 0, "roles": ["b5cc07da9685470dbcb2bc27e9a80b13"]}}}


REQ: curl -i http://172.16.0.3:8774/v2/c4d981b1d47c49d3a4bd8bc467073c40/flavors/detail -X GET -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 92db3daf37454ca78ebf0d7c247778c5"

INFO (connectionpool:202) Starting new HTTP connection (1): 172.16.0.3
DEBUG (connectionpool:296) "GET /v2/c4d981b1d47c49d3a4bd8bc467073c40/flavors/detail HTTP/1.1" 401 23
RESP: [401] CaseInsensitiveDict({'date': 'Wed, 02 Apr 2014 18:30:55 GMT', 'content-length': '23', 'content-type': 'text/plain', 'www-authenticate': "Keystone uri='http://192.168.0.3:35357'"})
RESP BODY: Authentication required


REQ: curl -i http://192.168.0.3:5000/v2.0/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"passwordCredentials": {"username": "osadmin", "password": "osadmin"}, "tenantId": "c4d981b1d47c49d3a4bd8bc467073c40"}}'

DEBUG (connectionpool:296) "POST /v2.0/tokens HTTP/1.1" 200 2710
RESP: [200] CaseInsensitiveDict({'date': 'Wed, 02 Apr 2014 18:30:55 GMT', 'vary': 'X-Auth-Token', 'content-length': '2710', 'content-type': 'application/json'})
RESP BODY: {"access": {"token": {"issued_at": "2014-04-02T18:30:55.927302", "expires": "2014-04-03T18:30:55Z", "id": "e214d5fe5f9a4af1b760a8d89c68b492", "tenant": {"enabled": true, "description": "Admin Tenant", "name": "admin", "id": "c4d981b1d47c49d3a4bd8bc467073c40"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://192.168.0.3:8774/v2/c4d981b1d47c49d3a4bd8bc467073c40", "region": "RegionOne", "internalURL": "http://192.168.0.3:8774/v2/c4d981b1d47c49d3a4bd8bc467073c40", "id": "0dfdbe209bda44c9aeb101865fe48dd9", "publicURL": "http://172.16.0.3:8774/v2/c4d981b1d47c49d3a4bd8bc467073c40"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://192.168.0.3:9696", "region": "RegionOne", "internalURL": "http://192.168.0.3:9696", "id": "1747865618ff47b6a068820ed108769d", "publicURL": "http://172.16.0.3:9696"}], "endpoints_links": [], "type": "network", "name": "neutron"}, {"endpoints": [{"adminURL": "http://192.168.0.3:9292", "region": "RegionOne", "internalURL": "http://192.168.0.3:9292", "id": "847f45e1441d4a48ac441141892a00bf", "publicURL": "http://172.16.0.3:9292"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://192.168.0.3:8776/v1/c4d981b1d47c49d3a4bd8bc467073c40", "region": "RegionOne", "internalURL": "http://192.168.0.3:8776/v1/c4d981b1d47c49d3a4bd8bc467073c40", "id": "172c31895c3c4cc8ba617ccd611c545b", "publicURL": "http://172.16.0.3:8776/v1/c4d981b1d47c49d3a4bd8bc467073c40"}], "endpoints_links": [], "type": "volume", "name": "cinder"}, {"endpoints": [{"adminURL": "http://192.168.0.3:8773/services/Admin", "region": "RegionOne", "internalURL": "http://192.168.0.3:8773/services/Cloud", "id": "0df6eee555134ae8b3c96a0a57880e1c", "publicURL": "http://172.16.0.3:8773/services/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "nova_ec2"}, {"endpoints": [{"adminURL": "http://192.168.0.3:8004/v1/c4d981b1d47c49d3a4bd8bc467073c40", "region": "RegionOne", "internalURL": 
"http://192.168.0.3:8004/v1/c4d981b1d47c49d3a4bd8bc467073c40", "id": "1959faa1878243d7b8e60a68b8a3fd1f", "publicURL": "http://172.16.0.3:8004/v1/c4d981b1d47c49d3a4bd8bc467073c40"}], "endpoints_links": [], "type": "orchestration", "name": "heat"}, {"endpoints": [{"adminURL": "http://192.168.0.3:35357/v2.0", "region": "RegionOne", "internalURL": "http://192.168.0.3:5000/v2.0", "id": "0694e4371eaa457eb11cbc5d5556e94b", "publicURL": "http://172.16.0.3:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], "user": {"username": "osadmin", "roles_links": [], "id": "osadmin", "roles": [{"name": "admin"}], "name": "osadmin"}, "metadata": {"is_admin": 0, "roles": ["b5cc07da9685470dbcb2bc27e9a80b13"]}}}


REQ: curl -i http://172.16.0.3:8774/v2/c4d981b1d47c49d3a4bd8bc467073c40/flavors/detail -X GET -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: e214d5fe5f9a4af1b760a8d89c68b492"

DEBUG (connectionpool:296) "GET /v2/c4d981b1d47c49d3a4bd8bc467073c40/flavors/detail HTTP/1.1" 401 23
RESP: [401] CaseInsensitiveDict({'date': 'Wed, 02 Apr 2014 18:30:56 GMT', 'content-length': '23', 'content-type': 'text/plain', 'www-authenticate': "Keystone uri='http://192.168.0.3:35357'"})
RESP BODY: Authentication required

DEBUG (shell:740) Unauthorized (HTTP 401)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 737, in main
    OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:]))
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 673, in main
    args.func(self.cs, args)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/shell.py", line 599, in do_flavor_list
    flavors = cs.flavors.list()
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/flavors.py", line 103, in list
    return self._list("/flavors%s%s" % (detail, query_string), "flavors")
  File "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 61, in _list
    _resp, body = self.api.client.get(url)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 229, in get
    return self._cs_request(url, 'GET', **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 226, in _cs_request
    raise e
Unauthorized: Unauthorized (HTTP 401)
ERROR: Unauthorized (HTTP 401)

I'm sure there's something else I have to add to the LDAP schema, but I'm at a loss as I seem to retrieve an auth token without any problems. If you need any more information, let me know... Any suggestions would be much appreciated!

Thanks, Leigh