LDAP class groupOfNames requires attribute 'member'

Hello everyone, I'm trying to plug Keystone into an LDAP. I'm stuck because of an error while setting up Keystone.

keystone --debug tenant-create --name=admin --description="Admin Tenant"

Nov 14 16:57:21 ldap slapd[2790]: Entry (cn=6a1f1f16fde54caea3e1cae225f38ec1,ou=Tenants,dc=example,dc=com): object class 'groupOfNames' requires attribute 'member'
Nov 14 16:57:21 ldap slapd[2790]: conn=1008 op=1 RESULT tag=105 err=65 text=object class 'groupOfNames' requires attribute 'member'
Nov 14 16:57:21 ldap slapd[2790]: conn=1008 op=2 UNBIND
Nov 14 16:57:21 ldap slapd[2790]: conn=1008 fd=18 closed

The LDAP part of my keystone conf file looks like this:

[ldap]
url = ldap://ldap
user = cn=admin,dc=example,dc=com
password = password
suffix = cn=example,cn=com
use_dumb_member = False
allow_subtree_delete = False
user_tree_dn = ou=Users,dc=example,dc=password
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = cn
user_allow_create = True
user_allow_update = True
tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_domain_id_attribute = businessCategory
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_enabled_attribute = enabled
tenant_allow_create = True
tenant_allow_update = True
role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = organizationalRole
role_id_attribute = cn
role_name_attribute = ou
role_member_attribute = roleOccupant
role_allow_create = True
role_allow_update = True
group_tree_dn = ou=Groups,dc=example,dc=com
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = ou
group_member_attribute = member
group_desc_attribute = desc
group_allow_create = True
group_allow_update = True

According to it, the member attribute is set for the tenant. So, what is wrong with my setup?

Thanks beforehand.
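
An added example, not part of the original post and not Keystone's own code: a small Python check of a keystone.conf `[ldap]` section that flags object classes whose schema makes a member attribute mandatory (per RFC 4519) while `use_dumb_member` is off, and tree DNs that do not sit under `suffix`. The function name `lint_ldap_section` is hypothetical, the sample is a subset of the configuration in the post, and the check assumes that `use_dumb_member = True` makes Keystone write a placeholder member into newly created entries.

```python
import configparser

# Structural object classes whose schema (RFC 4519) lists a member attribute under MUST.
MUST_MEMBER = {"groupofnames": "member", "groupofuniquenames": "uniqueMember"}

# Constructed sample: a subset of the [ldap] section from the post above.
SAMPLE = """
[ldap]
suffix = cn=example,cn=com
use_dumb_member = False
user_tree_dn = ou=Users,dc=example,dc=password
tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_allow_create = True
role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = organizationalRole
role_allow_create = True
group_tree_dn = ou=Groups,dc=example,dc=com
group_objectclass = groupOfNames
group_allow_create = True
"""

def lint_ldap_section(text):
    """Return (option, message) findings for the [ldap] section of a keystone.conf."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    ldap = cp["ldap"]
    dumb = ldap.getboolean("use_dumb_member", fallback=False)
    suffix = ldap.get("suffix", "").replace(" ", "").lower()
    findings = []
    for key, value in ldap.items():
        if key.endswith("_objectclass"):
            prefix = key[: -len("_objectclass")]
            attr = MUST_MEMBER.get(value.lower())
            creates = ldap.getboolean(prefix + "_allow_create", fallback=True)
            if attr and creates and not dumb:
                # An entry created with no members violates the schema (slapd err=65).
                findings.append((key, f"{value} requires '{attr}' but use_dumb_member is off"))
        elif key.endswith("_tree_dn"):
            dn = value.replace(" ", "").lower()
            if not dn.endswith("," + suffix):
                findings.append((key, f"not under suffix {ldap['suffix']}"))
    return findings

if __name__ == "__main__":
    for option, message in lint_ldap_section(SAMPLE):
        print(f"{option}: {message}")
```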