openstack team mailing list archive

Re: Configuring keystone with ldap

 

On 11/29/2012 11:47 PM, yasith tharindu wrote:


I was trying to enable keystone with ldap, but it always returns this error: "Error: Invalid user name or password." and no log trace can be found.

All I can say is it looks correct enough, but you obviously have a problem in your LDAP to Keystone configuration. Authentication to LDAP is done using a simple bind, based on what you have for the user_tree_dn. Make sure you can do that same bind from a command line LDAP tool.


my keystone config as following


[ldap]
url = ldap://ldap.example.org
tree_dn = dc=ldap,dc=example,dc=org
user_tree_dn = ou=user,dc=ldap,dc=example,dc=org
tenant_tree_dn = ou=group,dc=ldap,dc=example,dc=org
user = uid=ldapuser,ou=user,dc=ldap,dc=example,dc=org
password = password
suffix = dc=ldap,dc=example,dc=org
user_name_attribute = uid


[identity]
driver = keystone.identity.backends.ldap.Identity




I have a few questions.

What am I missing here?
What is the purpose of the "role_tree_dn" config? Is it necessarily needed?
Can we enable logs?
There are many groups under tenant_tree_dn; do I have to set up which group to look at?
Is there a sample LDAP LDIF file and keystone config to look at?

Thanks


--
Thanks..
Regards...

Blog: http://www.yasith.info
Twitter : http://twitter.com/yasithnd
LinkedIn : http://www.linkedin.com/in/yasithnd
GPG Key ID : *57CEE66E*
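
The simple-bind check suggested in the reply, as an added example that is not part of the original thread: it reads the `[ldap]` section and prints the OpenLDAP client commands to run by hand. The DN shape `<attr>=<login>,<user_tree_dn>`, the login `alice`, the helper names and the embedded sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints commands; nothing is
# sent to the directory until you run them yourself.

# Constructed sample config mirroring the [ldap] section quoted above.
sample_conf() {
cat <<'EOF'
[ldap]
url = ldap://ldap.example.org
user_tree_dn = ou=user,dc=ldap,dc=example,dc=org
user = uid=ldapuser,ou=user,dc=ldap,dc=example,dc=org
user_name_attribute = uid

[identity]
driver = keystone.identity.backends.ldap.Identity
EOF
}

# ldap_opt FILE KEY: value of KEY inside [ldap] only. Splits on the first "="
# so DN values, which contain "=" themselves, come back whole.
ldap_opt() {
    awk -v key="$2" '
        /^\[/ { in_ldap = ($0 ~ /^\[ldap\]/); next }
        in_ldap && (pos = index($0, "=")) {
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# bind_dn FILE ATTR LOGIN: DN an end user would bind as (assumed shape).
bind_dn() { printf '%s=%s,%s\n' "$2" "$3" "$(ldap_opt "$1" user_tree_dn)"; }

# Simple bind as the end user; -W prompts, keeping the password out of argv.
bind_check_cmd() {
    printf "ldapwhoami -x -W -H '%s' -D '%s'\n" \
        "$(ldap_opt "$1" url)" "$(bind_dn "$1" "$2" "$3")"
}

# Bind as the configured service account and look the user up by name.
search_check_cmd() {
    printf "ldapsearch -x -W -H '%s' -D '%s' -b '%s' '(%s=%s)' dn\n" \
        "$(ldap_opt "$1" url)" "$(ldap_opt "$1" user)" \
        "$(ldap_opt "$1" user_tree_dn)" "$(ldap_opt "$1" user_name_attribute)" "$2"
}

conf=$(mktemp) && sample_conf > "$conf"
bind_check_cmd "$conf" uid alice      # "alice" is a hypothetical login
search_check_cmd "$conf" alice
rm -f "$conf"
```

If the `ldapsearch` returns a `dn:` that differs from the DN passed to `ldapwhoami`, the bind DN being assembled from `user_tree_dn` does not match where the entry actually lives.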




