yahoo-eng-team team mailing list archive

[Dolph Mathews <1198171@xxxxxxxxxxxxxxxxxx>]

You're also not specifying either the user's domain or the project's
domain in step 6, so the client is (correctly) assuming that both exist
in the default domain (which they don't, because you created them in a
non-default domain). So, the server is correctly returning a 401 for the
request in step 6, based on steps 1-5.

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1198171

Title:
  not able to authenticate with user from non-default domain, v3

Status in OpenStack Identity (Keystone):
  Invalid
Status in OpenStack Command Line Client:
  Confirmed

Bug description:
  Here's steps to reproduce
  1) Set up keystone endpoints to v3
  2) openstack --os-identity-api-version 3 domain create mydomain
  3) openstack --os-identity-api-version 3 project create myproject --domain mydomain
  4) openstack --os-identity-api-version 3 user create myuser --password test --domain mydomain
  5) openstack --os-identity-api-version 3 role add Member --user myuser --project myproject
  6) openstack --os-identity-api-version 3 --os-username myuser --os-tenant-name myproject --os-password test user list
  ERROR: cliff.app Could not find project: myproject (HTTP 401)

  If I add user to tenant from default domain and try to authenticate again
  openstack --os-identity-api-version 3 --os-username myuser --os-tenant-name demo --os-password test user list
  ERROR: cliff.app Could not find user: myuser (HTTP 401)

  Well, looking at the code I see that user is searched within default
  domain, not mydomain

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1198171/+subscriptions