yahoo-eng-team team mailing list archive

[Bug 1594812] [NEW] domain + ldap configuration breaks ability to add admin user to admin project

 

Public bug reported:

Ubuntu 16.04 LTS with Mitaka installation from ubuntu repo packages.

All seems to work until I tested keystone using domain configurations +
ldap

With the following configuration enabled:

domain_specific_drivers_enabled = true
domain_configurations_from_database = false

I am only able to create a role, project and user.

When I try using assignment to assign the user to the project with role admin it fails. 
root@supafly /home/chris $ openstack role add --domain default --user admin admin
Could not find resource admin

But I was able to successfully create the user and it's visible in the
LDAP database using the openstack python cli.

When I try to log in with the user admin that I created, I get an error:
user not assigned to any domains or projects.

So I disabled domain_specific_drivers_enabled by setting it to false:
domain_specific_drivers_enabled = false

I tried to create the user again, which was also successful.
Then when I tried to assign role it worked fine.

However, it does not work with domain_specific_drivers_enabled.

From my understanding, if I remove the domain_specific_configuration
file /etc/keystone/keystone_default.conf and then log in with domain
default, it should not be using LDAP, since the driver is only set to
LDAP within the domain specific configuration. It should then be using
SQL. But the results are exactly the same. So it's something related to
enabling the domain_specific_configuration.

Please advise what output is necessary.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1594812
