
openstack team mailing list archive

Re: enforce admin_required with LDAP admin user

 

You need an admin token and to go against port 35357 for those types of operations. A basic user does not have permission to do so. It has nothing to do with LDAP.


On 05/22/2012 11:47 AM, Sharif Islam wrote:
I think my LDAP bind is working but tenant-list and user-list give me
admin_required error.

Looks like the LDAP admin user does not have any roles. Is that the issue?



# keystone discover
Keystone found at http://localhost:5000/v2.0/
     - supports version v2.0 (beta) here http://149.165.159.121:5000/v2.0/
root@i121:~# keystone service-list
+----+------+------+-------------+
| id | name | type | description |
+----+------+------+-------------+
+----+------+------+-------------+
root@i121:~# keystone user-list
No handlers could be found for logger "keystoneclient.client"
You are not authorized to perform the requested action: admin_required
(HTTP 403)
root@i121:~# keystone tenant-list
No handlers could be found for logger "keystoneclient.client"
You are not authorized to perform the requested action: admin_required
(HTTP 403)



(keystone.common.ldap.core): 2012-05-22 11:36:02,263 DEBUG LDAP init: url=ldap://ldap.project.org
(keystone.common.ldap.core): 2012-05-22 11:36:02,263 DEBUG LDAP bind: dn=uid=user,ou=People,dc=project,dc=org
(keystone.common.ldap.core): 2012-05-22 11:36:02,271 DEBUG LDAP search: dn=ou=ostenants,dc=project,dc=org, scope=1, query=(&(member=uid=admin,ou=People,dc=project,dc=org)(objectClass=groupOfNames))
(root): 2012-05-22 11:36:02,425 DEBUG TOKEN_REF {'id': 'dfc4b2ecexxxd014x280d91efeecda06', 'expires': datetime.datetime(2012, 5, 23, 15, 36, 2, 274565), 'user': {'id': 'admin', 'name': 'admin'}, 'tenant': {'id': 'admin', 'name': 'admin'}, 'metadata': {}}
(eventlet.wsgi.server): 2012-05-22 11:36:02,426 DEBUG 127.0.0.1 - - [22/May/2012 11:36:02] "POST /v2.0/tokens HTTP/1.1" 200 1762 0.166139
(keystone.policy.backends.rules): 2012-05-22 11:36:02,439 DEBUG enforce admin_required: {'tenant_id': u'admin', 'user_id': u'admin', 'roles': []}


--sharif
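
A triage sketch for the `enforce admin_required` debug line in the log above, added here as an example; it is not part of the thread and not Keystone's own code. It parses each policy-check line and evaluates the logged credentials against an assumed rule `[["role:admin"], ["is_admin:1"]]`; the rule value, the function names and the second sample log line are assumptions.

```python
import ast
import re

# Assumption: an OR-of-ANDs rule in the shape used by Essex-era policy.json.
ADMIN_REQUIRED = [["role:admin"], ["is_admin:1"]]

# Matches the DEBUG line written by keystone.policy.backends.rules per check.
ENFORCE_RE = re.compile(r"DEBUG enforce (?P<action>\w+): (?P<creds>\{.*\})\s*$")

# Constructed sample: the first line is the one from the post, the second is
# a hypothetical later request where the token carries an 'admin' role.
SAMPLE_LOG = """\
(keystone.policy.backends.rules): 2012-05-22 11:36:02,439 DEBUG enforce admin_required: {'tenant_id': u'admin', 'user_id': u'admin', 'roles': []}
(keystone.policy.backends.rules): 2012-05-22 11:40:10,120 DEBUG enforce admin_required: {'tenant_id': u'admin', 'user_id': u'admin', 'roles': [u'admin']}
"""


def match(check, creds):
    """Evaluate one 'key:value' check against a credentials dict (simplified)."""
    kind, _, value = check.partition(":")
    if kind == "role":
        return value.lower() in [r.lower() for r in creds.get("roles", [])]
    return str(creds.get(kind)) == value


def allowed(rule, creds):
    """The outer list is OR, each inner list is AND."""
    return any(all(match(c, creds) for c in and_list) for and_list in rule)


def triage(log_text, rule=ADMIN_REQUIRED):
    """Return (user_id, tenant_id, allowed, reason) for every enforce line."""
    results = []
    for line in log_text.splitlines():
        m = ENFORCE_RE.search(line)
        if not m:
            continue
        # The logged dict is a plain Python literal, so literal_eval is safe.
        creds = ast.literal_eval(m.group("creds"))
        ok = allowed(rule, creds)
        reason = "ok" if ok else (
            "no roles on token" if not creds.get("roles") else "roles lack admin")
        results.append((creds.get("user_id"), creds.get("tenant_id"), ok, reason))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
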
