
openstack team mailing list archive

How to configure Keystone with open LDAP + horizon on grizzly


The question is posted on the OpenStack Ask page.


2013-05-19 15:21:23    ERROR [root] 'domain_id'
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 236, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 82, in authenticate
    core.validate_auth_info(self, context, user_ref, tenant_ref)
  File "/usr/lib/python2.7/dist-packages/keystone/token/core.py", line 84, in validate_auth_info
KeyError: 'domain_id'

2013-05-19 15:21:23    DEBUG [keystone.common.wsgi] {"error":
{"message": "An unexpected error prevented the server from fulfilling
your request. 'domain_id'", "code": 500, "title": "Internal Server

Keystone config

url = ldap://
user = cn=admin,dc=example,dc=com
password = secret
suffix = cn=example,cn=com
use_dumb_member = False
tree_dn = dc=example,dc=com

user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_name_attribute = sn
user_pass_attribute = userPassword
user_allow_create = True
user_allow_update = True
user_enabled_attribute = enabled
user_enabled_default = True
user_domain_id_attribute = None

tenant_tree_dn = ou=Tenants,dc=example,dc=com
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_domain_id_attribute = None
tenant_allow_create = True
tenant_allow_update = True

role_tree_dn = ou=Roles,dc=example,dc=com
role_objectclass = groupOfNames
role_member_attribute = member
role_id_attribute = cn
role_name_attribute = ou
role_allow_create = True
role_allow_update = True


The LDAP config is as follows.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: c2VjcmV0

dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Tenants,dc=example,dc=com
ou: tenants
objectClass: organizationalUnit

dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: demo@xxxxxxxxxxx
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: c2VjcmV0

dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Role
member: cn=demo,ou=Users,dc=example,dc=com

dn: cn=admin,ou=Tenants,dc=example,dc=com
objectClass: groupOfNames
cn: admin
description: Openstack admin Tenant
member: cn=demo,ou=Users,dc=example,dc=com

I would really appreciate your help.
