openstack team mailing list archive

Thread
Date

Configuring keystone with ldap

To: openstack@xxxxxxxxxxxxxxxxxxx
From: yasith tharindu <yasithucsc@xxxxxxxxx>
Date: Fri, 30 Nov 2012 10:17:20 +0530
In-reply-to: <CAMpRDc5Q2Z=ejhaaQDcHuz70Y1xe+Or44M2KEX6_y3v=n_TbSA@mail.gmail.com>

I was trying to enable enable keystone with ldap. but always return me with
a  this error. "*Error: *Invalid user name or password." and no log trace
can be found.

my keystone config as following


[ldap]
url = ldap://ldap.example.org
tree_dn = dc=ldap,dc=example,dc=org
user_tree_dn = ou=user,dc=ldap,dc=example,dc=org
tenant_tree_dn = ou=group,dc=ldap,dc=example,dc=org
user = uid=ldapuser,ou=user,dc=ldap,dc=example,dc=org
password = password
suffix = dc=ldap,dc=example,dc=org
user_name_attribute = uid


[identity]
driver = keystone.identity.backends.ldap.Identity




I have few questions.

what am i missing here.
what is the purpose of "role_tree_dn" config does that necessarily needed.
can we enable logs.
there are many groups under tenant_tree_dn do I have to setup which group
to look at.
Is there a sample ldap ldif file and keystone config to loook at?

Thanks


-- 
Thanks..
Regards...

Blog: http://www.yasith.info
Twitter : http://twitter.com/yasithnd
LinkedIn : http://www.linkedin.com/in/yasithnd
GPG Key ID : *57CEE66E*

Follow ups

Re: Configuring keystone with ldap
From: Adam Young, 2012-11-30