Hi, All
I have resolved this problem by adding the 'enabled' attribute to
class groupOfNames of the ldap schema, thanks all the same.
attributetype ( 2.5.4.66 NAME 'enabled'
    DESC 'RFC2256: enabled of a group'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

objectclass ( 2.5.6.9 NAME 'groupOfNames'
    DESC 'RFC2256: a group of names (DNs)'
    SUP top STRUCTURAL
    MUST ( member $ cn )
    MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
          description $ enabled ) )

2012/9/5 Yanping Xie <irsxyp@xxxxxxxxx>
Hi, all
I am trying to set up keystone to use ldap as backend, but failed
on creating the first tenant.
# keystone tenant-create --name=admin
An unexpected error prevented the server from fulfilling your request. {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'} (HTTP 500)
Here is my keystone config about ldap (snippets from keystone.log):
------------------------------------------------------
ldap.tenant_member_attribute = member
ldap.tenant_name_attribute = ou
ldap.tenant_objectclass = groupOfNames
ldap.tenant_tree_dn = ou=Group,dc=example,dc=com
ldap.url = ldap://182.xxx.29.250
ldap.use_dumb_member = False
ldap.user = cn=Manager,dc=example,dc=com
ldap.user_id_attribute = cn
ldap.user_name_attribute = sn
ldap.user_objectclass = inetOrgPerson
ldap.user_tree_dn = ou=User,dc=example,dc=com
------------------------------------------------------
Ldap server migration file to initialize ldap:
------------------------------------------------------
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: The Example Corporation
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=User,dc=example,dc=com
ou: User
objectClass: top
objectClass: organizationalUnit
dn: ou=Role,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
------------------------------------------------------
Related keystone log is as follows:
------------------------------------------------------
2012-09-05 18:45:33 DEBUG [keystone.common.ldap.core] LDAP init: url=ldap://182.xxx.29.250
2012-09-05 18:45:33 DEBUG [keystone.common.ldap.core] LDAP bind: dn=cn=Manager,dc=example,dc=com
2012-09-05 18:45:33 DEBUG [keystone.common.ldap.core] LDAP add: dn=cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com, attrs=[('objectClass', ['groupOfNames']), ('enabled', ['TRUE']), ('ou', ['admin']), ('member', ['cn=dumb,dc=nonexistent'])]
2012-09-05 18:45:33 ERROR [root] {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'}
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 204, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 397, in create_tenant
    context, tenant_ref['id'], tenant_ref)
  File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 47, in _wrapper
    return f(*args, **kw)
  File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 208, in create_tenant
    return self.tenant.create(tenant)
  File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 492, in create
    return super(TenantApi, self).create(data)
  File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 179, in create
    conn.add_s(self._id_to_dn(values['id']), attrs)
  File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 310, in add_s
    return self.conn.add_s(dn, ldap_attrs)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 194, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 436, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 440, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 446, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
UNDEFINED_TYPE: {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'}
------------------------------------------------------
And the ldap server log is as follows:
------------------------------------------------------
Sep 5 18:45:33 ldaps slapd[7946]: conn=1011 op=1 ADD dn="cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com"
Sep 5 18:45:33 ldaps slapd[7946]: send_ldap_result: conn=1011 op=1 p=3
Sep 5 18:45:33 ldaps slapd[7946]: send_ldap_result: err=17 matched="" text="enabled: attribute type undefined"
Sep 5 18:45:33 ldaps slapd[7946]: send_ldap_response: msgid=2 tag=105 err=17
Sep 5 18:45:33 ldaps slapd[7946]: conn=1011 op=1 RESULT tag=105 err=17 text=enabled: attribute type undefined
------------------------------------------------------
This problem makes me crazy for quite a while. Can anyone help me
out? Really appreciate your help.
Best Regards.
Yanping
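
Added example, not part of the original thread and not keystone's own code: a pre-flight check that parses the groupOfNames definition quoted above and reports which attributes in keystone's "LDAP add" debug line the objectclass does not list. The function names are hypothetical; the check reads only MUST/MAY of the named class (it does not follow SUP) and assumes the attribute type itself is defined separately, as the reply does.

```python
import ast
import re

# groupOfNames as quoted in the thread, in its stock form (no 'enabled').
STOCK = """
objectclass ( 2.5.6.9 NAME 'groupOfNames'
    DESC 'RFC2256: a group of names (DNs)'
    SUP top STRUCTURAL
    MUST ( member $ cn )
    MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
"""
# The same class after the change described in the reply.
PATCHED = STOCK.replace("description )", "description $ enabled )")

# "LDAP add" debug line from the keystone log in the thread, joined onto one line.
LOG_LINE = ("2012-09-05 18:45:33 DEBUG [keystone.common.ldap.core] LDAP add: "
            "dn=cn=7ab0c10b9fc04f89affb66e1650fc694,ou=Group,dc=example,dc=com, "
            "attrs=[('objectClass', ['groupOfNames']), ('enabled', ['TRUE']), "
            "('ou', ['admin']), ('member', ['cn=dumb,dc=nonexistent'])]")

def allowed_attrs(schema_text, objectclass):
    """Lower-cased MUST and MAY attribute names of one objectclass definition."""
    # re.split with a capture group yields [prefix, kind, body, kind, body, ...].
    parts = re.split(r"(?im)^\s*(attributetype|objectclass)\s*\(", schema_text)
    for kind, body in zip(parts[1::2], parts[2::2]):
        if kind.lower() != "objectclass":
            continue
        if not re.search(r"NAME\s+'%s'" % re.escape(objectclass), body, re.I):
            continue
        body = re.sub(r"'[^']*'", "", body)   # drop quoted strings such as DESC
        names = set()
        for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w.;-]+))", body):
            listed = m.group(1) or m.group(2) or ""
            names.update(n.strip().lower() for n in listed.split("$") if n.strip())
        return names
    raise KeyError(objectclass)

def rejected_by_schema(log_line, schema_text):
    """Attributes in an 'LDAP add' line that the entry's objectclasses do not list."""
    attrs = dict(ast.literal_eval(log_line.split("attrs=", 1)[1]))
    allowed = {"objectclass"}          # objectClass itself comes from 'top'
    for oc in attrs["objectClass"]:
        allowed |= allowed_attrs(schema_text, oc)
    return [a for a in attrs if a.lower() not in allowed]

if __name__ == "__main__":
    print("stock schema rejects:  ", rejected_by_schema(LOG_LINE, STOCK))
    print("patched schema rejects:", rejected_by_schema(LOG_LINE, PATCHED))
```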