← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #57818

[Bug 1594812] Re: domain + ldap configuration breaks ability to add admin user to admin project

  Thread PreviousDate PreviousThread Next 
[Expired for OpenStack Identity (keystone) because there has been no
activity for 60 days.]

** Changed in: keystone
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1594812

Title:
  domain + ldap configuration breaks ability to add admin user to admin
  project

Status in OpenStack Identity (keystone):
  Expired

Bug description:
  Ubuntu 16.04 LTS with Mitaka installation from ubuntu repo packages.

  All seems to work until I tested keystone using domain configurations
  + ldap

  With the following configuration enabled:

  domain_specific_drivers_enabled = true
  domain_configurations_from_database = false

  I am only able to create a role, project and user.

  When I try using assignment to assign the user to the project with role admin it fails. 
  root@supafly /home/chris $ openstack role add --domain default --user admin admin
  Could not find resource admin

  But I was able to successfully create the user and its visible in the
  LDAP database using the openstack python cli.

  When I try login with the user admin that I created, i get an error
  user not assigned to any domains or projects.

  So I disabled domain_Sepcific_drivers_enabled by setting it to false:
  domain_specific_drivers_enabled = false

  I tried to create the user again, which was also succesfully.
  Then when I tried to assign role it worked fine.

  However does not work with domain_specific_drivers_enabled.

  From my understanding is if I remove the domain_specific_configuration
  file /etc/keystone/keystone_default.conf

  Then login with domain default then it should not be using LDAP. Since
  the driver is only set to LDAP within the domain specific
  configuration. It should then be using SQL. But the results are
  exactly the same. So its something related to enable the
  domain_specific_configuration.

  Please advice what output is necessary.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1594812/+subscriptions

References

  Thread PreviousDate PreviousThread Next