openstack team mailing list archive

[Adam Young <ayoung@xxxxxxxxxx>]

On 11/29/2012 11:47 PM, yasith tharindu wrote:
> I was trying to enable enable keystone with ldap. but always return me 
> with a  this error. "*Error: *Invalid user name or password." and no 
> log trace can be found.

All I can say is it looks correct enough, but you obviosuly have a 
problem in your LDAP to Keystone configuration.  Authentication to LDAP 
is done using a simple bind, based on what you have for the 
user_tree_dn.  Make sure you can do that same bind from a command line 
LDAP tool.

> my keystone config as following
>
>
> [ldap]
> url = ldap://ldap.example.org <http://ldap.example.org>
> tree_dn = dc=ldap,dc=example,dc=org
> user_tree_dn = ou=user,dc=ldap,dc=example,dc=org
> tenant_tree_dn = ou=group,dc=ldap,dc=example,dc=org
> user = uid=ldapuser,ou=user,dc=ldap,dc=example,dc=org
> password = password
> suffix = dc=ldap,dc=example,dc=org
> user_name_attribute = uid
>
>
> [identity]
> driver = keystone.identity.backends.ldap.Identity
>
>
>
>
> I have few questions.
>
> what am i missing here.
> what is the purpose of "role_tree_dn" config does that necessarily needed.
> can we enable logs.
> there are many groups under tenant_tree_dn do I have to setup which 
> group to look at.
> Is there a sample ldap ldif file and keystone config to loook at?
>
> Thanks
>
>
> --
> Thanks..
> Regards...
>
> Blog: http://www.yasith.info
> Twitter : http://twitter.com/yasithnd
> LinkedIn : http://www.linkedin.com/in/yasithnd
> GPG Key ID : *57CEE66E*
>
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp