
openstack team mailing list archive

Re: [Keystone] Creating tenant failed when using ldap as identity backend: 'attribute type undefined'

 

Hi, All
    I have resolved this problem by adding the 'enabled' attribute to
the groupOfNames class of the LDAP schema. Thanks all the same.

attributetype ( 2.5.4.66 NAME 'enabled'
        DESC 'RFC2256: enabled of a group'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )

objectclass ( 2.5.6.9 NAME 'groupOfNames'
        DESC 'RFC2256: a group of names (DNs)'
        SUP top STRUCTURAL
        MUST ( member $ cn )
        MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
              description $ enabled ) )

2012/9/5 Yanping Xie <irsxyp@xxxxxxxxx>

> Hi, all
>
> I am trying to setup keystone to use ldap as backend, but failed on
> creating the first tenant.
>
> # keystone tenant-create --name=admin
> An unexpected error prevented the server from fulfilling your request.
> {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute
> type'} (HTTP 500)
>
>
> Here is my keystone config about ldap (snippets from keystone.log):
> ------------------------------------------------------
> ldap.tenant_member_attribute   = member
> ldap.tenant_name_attribute     = ou
> ldap.tenant_objectclass        = groupOfNames
> ldap.tenant_tree_dn            = ou=Group,dc=example,dc=com
> ldap.url                       = ldap://182.xxx.29.250
> ldap.use_dumb_member           = False
> ldap.user                      = cn=Manager,dc=example,dc=com
> ldap.user_id_attribute         = cn
> ldap.user_name_attribute       = sn
> ldap.user_objectclass          = inetOrgPerson
> ldap.user_tree_dn              = ou=User,dc=example,dc=com
> ------------------------------------------------------
>
> Ldap server migration file to initialize ldap:
> ------------------------------------------------------
> dn: dc=example,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: example
> o: The Example Corporation
>
> dn: ou=Group,dc=example,dc=com
> ou: Group
> objectClass: top
> objectClass: organizationalUnit
>
> dn: ou=User,dc=example,dc=com
> ou: User
> objectClass: top
> objectClass: organizationalUnit
>
> dn: ou=Role,dc=example,dc=com
> objectClass: top
> objectClass: organizationalUnit
> ------------------------------------------------------
>
> Related keystone log is as follows:
>
> ------------------------------------------------------
> 2012-09-05 18:45:33    DEBUG [keystone.common.ldap.core] LDAP init:
> url=ldap://182.xxx.29.250
> 2012-09-05 18:45:33    DEBUG [keystone.common.ldap.core] LDAP bind:
> dn=cn=Manager,dc=example,dc=com
> 2012-09-05 18:45:33    DEBUG [keystone.common.ldap.core] LDAP add:
> dn=cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com,
> attrs=[('objectClass', ['groupOfNames']), (
> 'enabled', ['TRUE']), ('ou', ['admin']), ('member',
> ['cn=dumb,dc=nonexistent'])]
> 2012-09-05 18:45:33    ERROR [root] {'info': 'enabled: attribute type
> undefined', 'desc': 'Undefined attribute type'}
> Traceback (most recent call last):
>   File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line
> 204, in __call__
>     result = method(context, **params)
>   File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line
> 397, in create_tenant
>     context, tenant_ref['id'], tenant_ref)
>   File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line
> 47, in _wrapper
>     return f(*args, **kw)
>   File
> "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py",
> line 208, in create_tenant
>     return self.tenant.create(tenant)
>   File
> "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py",
> line 492, in create
>     return super(TenantApi, self).create(data)
>   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py",
> line 179, in create
>     conn.add_s(self._id_to_dn(values['id']), attrs)
>   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py",
> line 310, in add_s
>     return self.conn.add_s(dn, ldap_attrs)
>   File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 194,
> in add_s
>     return self.result(msgid,all=1,timeout=self.timeout)
>   File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 436,
> in result
>     res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
>   File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 440,
> in result2
>     res_type, res_data, res_msgid, srv_ctrls =
> self.result3(msgid,all,timeout)
>   File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 446,
> in result3
>     ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
>   File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96,
> in _ldap_call
>     result = func(*args,**kwargs)
> *UNDEFINED_TYPE: {'info': 'enabled: attribute type undefined', 'desc':
> 'Undefined attribute type'}*
>
> ------------------------------------------------------
>
> And the ldap server log is as follows:
>
> ------------------------------------------------------
> Sep  5 18:45:33 ldaps slapd[7946]: conn=1011 op=1 ADD
> dn="cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com"
> Sep  5 18:45:33 ldaps slapd[7946]: send_ldap_result: conn=1011 op=1 p=3
> Sep  5 18:45:33 ldaps slapd[7946]: send_ldap_result: err=17 matched=""
> text="enabled: attribute type undefined"
> Sep  5 18:45:33 ldaps slapd[7946]: send_ldap_response: msgid=2 tag=105
> err=17
> *Sep  5 18:45:33 ldaps slapd[7946]: conn=1011 op=1 RESULT tag=105 err=17
> text=enabled: attribute type undefined*
>
> ------------------------------------------------------
>
>
> This problem makes me crazy for quite a while. Can anyone help me out?
> Really appreciate your help.
>
> Best Regards.
>
> Yanping
>
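
The check below is an added example, not code from this thread or from Keystone: it parses OpenLDAP-style schema text and reports which attributes of the logged "LDAP add" the server would refuse, which shows why both the attributetype definition and the extra MAY entry are needed. The function names and the `ASSUMED` set (types taken to be defined by the server's stock schema) are assumptions of the example, and the DESC of 'enabled' is omitted for brevity.

```python
import re

TOKEN = re.compile(r"'[^']*'|[()$]|[^\s()$']+")  # quoted string | ( ) $ | bare word
# From the thread: the attribute type the poster added, and groupOfNames before the change.
ENABLED_DEF = ("attributetype ( 2.5.4.66 NAME 'enabled' EQUALITY booleanMatch "
               "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\n")
STOCK_CLASS = ("objectclass ( 2.5.6.9 NAME 'groupOfNames' "
               "DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) "
               "MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )\n")
PATCHED_CLASS = STOCK_CLASS.replace("description )", "description $ enabled )")
ENTRY = {"objectClass": ["groupOfNames"], "enabled": ["TRUE"], "ou": ["admin"],
         "member": ["cn=dumb,dc=nonexistent"]}  # attributes from the logged "LDAP add"
ASSUMED = {"objectclass", "member", "ou", "cn"}  # assumption: defined by the stock schema

def _values(body, key):  # values after `key`: one token or a ( a $ b ) list
    k = body.index(key) + 1 if key in body else len(body)
    end = body.index(")", k) if body[k:k + 1] == ["("] else k + 1
    return [t.strip("'").lower() for t in body[k:end] if t not in ("(", "$")]

def parse_schema(text):
    """Return (attribute type names, {objectclass name: MUST + MAY attributes})."""
    toks, defined, classes, i = TOKEN.findall(text), set(), {}, 0
    while i < len(toks) - 1:
        kind, depth, j = toks[i].lower(), 1, i + 2
        if kind not in ("attributetype", "objectclass") or toks[i + 1] != "(":
            i += 1
            continue
        while depth and j < len(toks):  # a quoted DESC is one token, so its parens are skipped
            depth += (toks[j] == "(") - (toks[j] == ")")
            j += 1
        body, i = toks[i + 2:j - 1], j
        if kind == "attributetype":
            defined.update(_values(body, "NAME"))
        else:
            allowed = set(_values(body, "MUST") + _values(body, "MAY"))
            classes.update((name, allowed) for name in _values(body, "NAME"))
    return defined, classes

def check_entry(schema_text, entry, assumed=ASSUMED):
    """Map each attribute the server would refuse to the LDAP result code it implies."""
    defined, classes = parse_schema(schema_text)
    per_class = (classes.get(oc.lower(), set()) for oc in entry["objectClass"])
    allowed = {"objectclass"}.union(*per_class)  # objectClass itself comes via SUP top
    problems = {}
    for attr in entry:
        if attr.lower() not in defined | set(assumed):
            problems[attr] = "err=17 undefinedAttributeType"
        elif attr.lower() not in allowed:
            problems[attr] = "err=65 objectClassViolation"
    return problems
```

With only `STOCK_CLASS` the check reports the err=17 seen in the slapd log; with `ENABLED_DEF` added but the class unchanged it reports err=65, and with `PATCHED_CLASS` as well it reports nothing.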
