
edsonh's profile - activity

2018-12-12 09:11:00 -0500 received badge  Famous Question (source)
2017-07-14 03:11:06 -0500 received badge  Notable Question (source)
2017-07-05 10:33:50 -0500 received badge  Enthusiast
2017-07-04 21:38:39 -0500 commented answer Moving glance to a storage node off the controller

Hi, I've done that, got this error in api.log from the new glance server when I try to issue the openstack image list command..

Internal Server Error (HTTP 500);
2017-07-03 19:39:29 -0500 commented answer can't retrieve users and groups from MS AD with keystone integration

ok, I'll try these parameters also, let's see..

2017-06-29 19:56:17 -0500 received badge  Popular Question (source)
2017-06-28 14:09:38 -0500 commented answer can't retrieve users and groups from MS AD with keystone integration

Also, if I disable domain_specific_drivers_enabled, I'm able to log back in with the normal local openstack users..

2017-06-28 14:08:21 -0500 commented answer can't retrieve users and groups from MS AD with keystone integration

hi, I've put it .. (don't know why this thread doesn't let me create more than one answer..)..

2017-06-28 14:07:16 -0500 received badge  Editor (source)
2017-06-27 06:34:02 -0500 answered a question can't retrieve users and groups from MS AD with keystone integration

Hi, @eblock, I did not. Thanks for the command. In fact, I've just done as you recommended, and it was a trick.. it doesn't recognize some options inside the specific domain file - I saw that in keystone.log (so I've commented out the options it complained about inside the file, and it goes..), now I'm in another step of trouble..

[root@dcprd052113 ~(keystone_admin)]# openstack user list --domain wegnet

**An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-16832861-f728-4632-a641-28fd9d421e6a)**

=== And also, after I restarted httpd, I'm not able to log in as default domain and normal admin user..

2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi     opt_info['opt'], override, enforce_type)
2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2616, in _get_enforced_type_value
2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi     converted = self._convert_value(value, opt)
2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2901, in _convert_value
2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi     return opt.type(value)
2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/oslo_config/types.py", line 235, in __call__
2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi     raise ValueError('Unexpected boolean value %r' % value)
2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi ValueError: Unexpected boolean value u''
2017-06-27 08:43:08.104 31685 ERROR keystone.common.wsgi

=====================

@eblock: Here is the keystone.conf

command: egrep -ve "^#|^$" /etc/keystone/keystone.conf

=====================

[DEFAULT]
admin_token = ca5b331a738746b2940a5e3109699e73
log_dir = /var/log/keystone
rpc_backend = rabbit
public_bind_host=0.0.0.0
admin_bind_host=0.0.0.0
public_port=5000
admin_port=35357
[assignment]
[auth]
[cache]
[catalog]
template_file = /etc/keystone/default_catalog.templates
driver = sql
[cors]
[cors.subdomain]
[credential]
key_repository = /etc/keystone/credential-keys/
[database]
connection = mysql+pymysql://keystone_admin:<xyzpassword>@127.0.0.1/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
admin_workers=2
public_workers=2
[federation]
[fernet_tokens]
key_repository = /etc/keystone/fernet-keys
max_active_keys = 20
[healthcheck]
[identity]
domain_specific_drivers_enabled = true
domain_configurations_from_database = true
domain_config_dir = /etc/keystone/domains
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
expiration = 3600
provider = fernet
driver = sql
revoke_by_id = True
[tokenless_auth]
[trust]
[ssl]
enable = False

2017-06-26 22:38:15 -0500 asked a question can't retrieve users and groups from MS AD with keystone integration

Hi, I'm new to openstack. I've installed Ocata openstack over CentOS, seems it's working. Now I'm trying to configure integration with our internal/std Directory Service (Microsoft AD, 2003 level).. I've tried to follow the links: http://redhat.slides.com/mlopes/integrate-active-directory-with-openstack-keystone#/11 and https://docs.openstack.org/admin-guide/identity-integrate-with-ldap.html. I'm able to log on to the Horizon dashboard with local users and default domain.. but I'm not able to log in with an MS AD related user (because I can't retrieve user/group from AD in order to get right to them in the openstack recently created domain). If I invoke "openstack users list --domain <mydomainname configure in special config file under /etc/keystone/domains>" it doesn't return anything to me.. same thing with openstack group list --domain <myadomainname>

I'm not seeing too many critical alarms in keystone.log:

=====================

2017-06-26 22:03:03.229 13078 INFO keystone.token.persistence.backends.sql [-] Total expired tokens removed: 0
2017-06-26 22:03:16.547 535 INFO keystone.common.wsgi [req-20c076da-ea48-4c0f-a58c-ad900676d407 - - - - -] GET http://dcprd052113:5000/v3/
2017-06-26 22:03:16.561 534 INFO keystone.common.wsgi [req-4d5e9f99-fc59-4ef9-8073-e450f3663c93 - - - - -] POST http://dcprd052113:5000/v3/auth/tokens
2017-06-26 22:03:16.754 535 INFO keystone.common.wsgi [req-5f27825d-b427-42e0-a4b5-a874cef6b92d - - - - -] POST http://dcprd052113:5000/v3/auth/tokens
2017-06-26 22:03:16.949 532 INFO keystone.common.wsgi [req-619b7702-37b7-43e4-bf36-1ad4fecbcfe2 - - - - -] GET http://dcprd052113:35357/v3/
2017-06-26 22:03:17.057 533 INFO keystone.common.wsgi [req-c63a30f3-482a-448b-b4ef-e6461fd2643e 65215625867b4ac7af49d46c0da4555d 87988ba74ad5468895c7c3c26e03a6a7 - default default] GET http://dcprd052113:35357/v3/domains/wegnet
2017-06-26 22:03:17.061 533 WARNING keystone.common.wsgi [req-c63a30f3-482a-448b-b4ef-e6461fd2643e 65215625867b4ac7af49d46c0da4555d 87988ba74ad5468895c7c3c26e03a6a7 - default default] Could not find domain: wegnet.
2017-06-26 22:03:17.200 532 INFO keystone.common.wsgi [req-9eb6211c-1b41-443c-9da5-84f953d1e459 65215625867b4ac7af49d46c0da4555d 87988ba74ad5468895c7c3c26e03a6a7 - default default] GET http://dcprd052113:35357/v3/domains/wegnet
2017-06-26 22:03:17.204 532 WARNING keystone.common.wsgi [req-9eb6211c-1b41-443c-9da5-84f953d1e459 65215625867b4ac7af49d46c0da4555d 87988ba74ad5468895c7c3c26e03a6a7 - default default] Could not find domain: wegnet.
2017-06-26 22:03:17.303 533 INFO keystone.common.wsgi [req-9d9ba15b-1eae-4da7-88c5-222db59f39b4 65215625867b4ac7af49d46c0da4555d 87988ba74ad5468895c7c3c26e03a6a7 - default default] GET http://dcprd052113:35357/v3/domains?name=wegnet
2017-06-26 22:03:17.415 532 INFO keystone.common.wsgi [req-fa45fef2-1fb5-440d-a4c7-453ccaaafbab 65215625867b4ac7af49d46c0da4555d 87988ba74ad5468895c7c3c26e03a6a7 - default default] GET http://dcprd052113:35357/v3/users?domain_id=a1b7a20a645b4f869eaaf17723363a69

========================================

here is my /etc/keystone/domains/keystone.wegnet.conf file:

=======================================

[ldap]
url                  = ldap://brjgs109.weg.net
user                  = "CN=sys-openstack,OU=OPENSTACK,OU=EDSONH,OU=EQUIPE_TECNOLOGIA,OU=AREA DE TESTES,DC=weg,DC=net"
password                 = <user sys-openstack password - strong one>
suffix                   = DC=weg,DC=net
user_tree_dn             = "OU=OPENSTACK,OU=EDSONH,OU=EQUIPE_TECNOLOGIA,OU=AREA DE TESTES,DC=weg,DC=net"
user_objectclass         = IntOrgPerson
user_filter                  = (memberof="CN=GL_OpenStack,OU=OPENSTACK,OU=EDSONH,OU=EQUIPE_TECNOLOGIA,OU=AREA DE TESTES,DC=weg,DC=net")
user_id_attribute        = cn
user_name_attribute      = sn
user_mail_attribute      = mail
user_pass_attribute      = userPassword
user_enabled_attribute   = userAccountControl
user_enabled_mask        = 2
user_enabled_default     = 512
user_attribute_ignore    =
user_allow_create        = False
user_allow_update        = False
user_allow_delete        = False
group_objectclass        = groupOfNames
group_tree_dn            = "OU=OPENSTACK,OU=EDSONH,OU=EQUIPE_TECNOLOGIA,OU=AREA DE TESTES,DC=weg,DC=net"
group_filter             = (CN=GL_OpenStack)
group_id_attribute       = cn
group_name_attribute     = ou
group_member_attribute   = member ...