[Rdo-list] icehouse ldap integration

Rasanjaya Subasinghe rasaposha at gmail.com
Wed Sep 10 06:32:01 UTC 2014


Hi Kashyap,

This is the configuration I have made to integrate with LDAP:

1. keystone.conf

url = ldap://192.168.16.100

user = cn=admin,dc=example,dc=org

password = 123

suffix = dc=example,dc=org


user_tree_dn = ou=Users,dc=example,dc=org

user_objectclass = inetOrgPerson

user_id_attribute = cn

user_name_attribute = cn

user_pass_attribute = userPassword

user_enabled_emulation = True

user_enabled_emulation_dn = cn=enabled_users,ou=Users,dc=example,dc=org

user_allow_create = False

user_allow_update = False

user_allow_delete = False


tenant_tree_dn = ou=Groups,dc=example,dc=org

tenant_objectclass = groupOfNames

tenant_id_attribute = cn

#tenant_domain_id_attribute = businessCategory

#tenant_domain_id_attribute = cn

tenant_member_attribute = member

tenant_name_attribute = cn

tenant_domain_id_attribute = None

tenant_allow_create = False

tenant_allow_update = False

tenant_allow_delete = False



role_tree_dn = ou=Roles,dc=example,dc=org

role_objectclass = organizationalRole

role_member_attribute = roleOccupant

role_id_attribute = cn

role_name_attribute = cn

role_allow_create = False

role_allow_update = False

role_allow_delete = False

2. neutron.conf

[DEFAULT]
# Print more verbose output (set logging level to INFO instead of default WARNING level).
# verbose = True
verbose = True

# Print debugging output (set logging level to DEBUG instead of default WARNING level).
# debug = False
debug = True

# Where to store Neutron state files.  This directory must be writable by the
# user executing the agent.
# state_path = /var/lib/neutron

# Where to store lock files
# lock_path = $state_path/lock

# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
# log_date_format = %Y-%m-%d %H:%M:%S

# use_syslog                           -> syslog
# log_file and log_dir                 -> log_dir/log_file
# (not log_file) and log_dir           -> log_dir/{binary_name}.log
# use_stderr                           -> stderr
# (not user_stderr) and (not log_file) -> stdout
# publish_errors                       -> notification system

# use_syslog = False
use_syslog = False
# syslog_log_facility = LOG_USER

# use_stderr = False
# log_file =
# log_dir =
log_dir =/var/log/neutron

# publish_errors = False

# Address to bind the API server to
# bind_host = 0.0.0.0
bind_host = 0.0.0.0

# Port to bind the API server to
# bind_port = 9696
bind_port = 9696

# Path to the extensions.  Note that this can be a colon-separated list of
# paths.  For example:
# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
# The __path__ of neutron.extensions is appended to this, so if your
# extensions are in there you don't need to specify them here
# api_extensions_path =

# (StrOpt) Neutron core plugin entrypoint to be loaded from the
# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
# plugins included in the neutron source distribution. For compatibility with
# previous versions, the class name of a plugin can be specified instead of its
# entrypoint name.
#
# core_plugin =
core_plugin =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
# Example: core_plugin = ml2

# (ListOpt) List of service plugin entrypoints to be loaded from the
# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
# the plugins included in the neutron source distribution. For compatibility
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
#
# service_plugins =
service_plugins =neutron.services.firewall.fwaas_plugin.FirewallPlugin
# Example: service_plugins = router,firewall,lbaas,vpnaas,metering

# Paste configuration file
# api_paste_config = /usr/share/neutron/api-paste.ini

# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
# auth_strategy = noauth
auth_strategy = keystone

# Base MAC address. The first 3 octets will remain unchanged. If the
# 4th octet is not 00, it will also be used. The others will be
# randomly generated.
# 3 octet
# base_mac = fa:16:3e:00:00:00
base_mac = fa:16:3e:00:00:00
# 4 octet
# base_mac = fa:16:3e:4f:00:00

# Maximum amount of retries to generate a unique MAC address
# mac_generation_retries = 16
mac_generation_retries = 16

# DHCP Lease duration (in seconds)
# dhcp_lease_duration = 86400
dhcp_lease_duration = 86400

# Allow sending resource operation notification to DHCP agent
# dhcp_agent_notification = True

# Enable or disable bulk create/update/delete operations
# allow_bulk = True
allow_bulk = True
# Enable or disable pagination
# allow_pagination = False
allow_pagination = False
# Enable or disable sorting
# allow_sorting = False
allow_sorting = False
# Enable or disable overlapping IPs for subnets
# Attention: the following parameter MUST be set to False if Neutron is
# being used in conjunction with nova security groups
# allow_overlapping_ips = True
allow_overlapping_ips = True
# Ensure that configured gateway is on subnet
# force_gateway_on_subnet = False


# RPC configuration options. Defined in rpc __init__
# The messaging module to use, defaults to kombu.
# rpc_backend = neutron.openstack.common.rpc.impl_kombu
rpc_backend = neutron.openstack.common.rpc.impl_kombu
# Size of RPC thread pool
# rpc_thread_pool_size = 64
# Size of RPC connection pool
# rpc_conn_pool_size = 30
# Seconds to wait for a response from call or multicall
# rpc_response_timeout = 60
# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
# rpc_cast_timeout = 30
# Modules of exceptions that are permitted to be recreated
# upon receiving exception data from an rpc call.
# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
# AMQP exchange to connect to if using RabbitMQ or QPID
# control_exchange = neutron
control_exchange = neutron

# If passed, use a fake RabbitMQ provider
# fake_rabbit = False

# Configuration options if sending notifications via kombu rpc (these are
# the defaults)
# SSL version to use (valid only if SSL enabled)
# kombu_ssl_version =
# SSL key file (valid only if SSL enabled)
# kombu_ssl_keyfile =
# SSL cert file (valid only if SSL enabled)
# kombu_ssl_certfile =
# SSL certification authority file (valid only if SSL enabled)
# kombu_ssl_ca_certs =
# IP address of the RabbitMQ installation
# rabbit_host = localhost
rabbit_host = 192.168.32.20
# Password of the RabbitMQ server
# rabbit_password = guest
rabbit_password = guest
# Port where RabbitMQ server is running/listening
# rabbit_port = 5672
rabbit_port = 5672
# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
# rabbit_hosts = localhost:5672
rabbit_hosts = 192.168.32.20:5672
# User ID used for RabbitMQ connections
# rabbit_userid = guest
rabbit_userid = guest
# Location of a virtual RabbitMQ installation.
# rabbit_virtual_host = /
rabbit_virtual_host = /
# Maximum retries with trying to connect to RabbitMQ
# (the default of 0 implies an infinite retry count)
# rabbit_max_retries = 0
# RabbitMQ connection retry interval
# rabbit_retry_interval = 1
# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
# wipe RabbitMQ database when changing this option. (boolean value)
# rabbit_ha_queues = false
rabbit_ha_queues = False

# QPID
# rpc_backend=neutron.openstack.common.rpc.impl_qpid
# Qpid broker hostname
# qpid_hostname = localhost
# Qpid broker port
# qpid_port = 5672
# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
# qpid_hosts = localhost:5672
# Username for qpid connection
# qpid_username = ''
# Password for qpid connection
# qpid_password = ''
# Space separated list of SASL mechanisms to use for auth
# qpid_sasl_mechanisms = ''
# Seconds between connection keepalive heartbeats
# qpid_heartbeat = 60
# Transport to use, either 'tcp' or 'ssl'
# qpid_protocol = tcp
# Disable Nagle algorithm
# qpid_tcp_nodelay = True

# ZMQ
# rpc_backend=neutron.openstack.common.rpc.impl_zmq
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
# The "host" option should point or resolve to this address.
# rpc_zmq_bind_address = *

# ============ Notification System Options =====================

# Notifications can be sent when network/subnet/port are created, updated or deleted.
# There are three methods of sending notifications: logging (via the
# log_file directive), rpc (via a message queue) and
# noop (no notifications sent, the default)

# Notification_driver can be defined multiple times
# Do nothing driver
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
# Logging driver
# notification_driver = neutron.openstack.common.notifier.log_notifier
# RPC driver.
# notification_driver = neutron.openstack.common.notifier.rpc_notifier

# default_notification_level is used to form actual topic name(s) or to set logging level
# default_notification_level = INFO

# default_publisher_id is a part of the notification payload
# host = myhost.com
# default_publisher_id = $host

# Defined in rpc_notifier, can be comma separated values.
# The actual topic names will be %s.%(default_notification_level)s
# notification_topics = notifications

# Default maximum number of items returned in a single response,
# value == infinite and value < 0 means no max limit, and value must
# be greater than 0. If the number of items requested is greater than
# pagination_max_limit, server will just return pagination_max_limit
# of number of items.
# pagination_max_limit = -1

# Maximum number of DNS nameservers per subnet
# max_dns_nameservers = 5

# Maximum number of host routes per subnet
# max_subnet_host_routes = 20

# Maximum number of fixed ips per port
# max_fixed_ips_per_port = 5

# =========== items for agent management extension =============
# Seconds to regard the agent as down; should be at least twice
# report_interval, to be sure the agent is down for good
# agent_down_time = 75
agent_down_time = 75
# ===========  end of items for agent management extension =====

# =========== items for agent scheduler extension =============
# Driver to use for scheduling network to DHCP agent
# network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
# Driver to use for scheduling router to a default L3 agent
# router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
# Driver to use for scheduling a loadbalancer pool to an lbaas agent
# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler

# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
# networks to first DHCP agent which sends get_active_networks message to
# neutron server
# network_auto_schedule = True

# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
# routers to first L3 agent which sends sync_routers message to neutron server
# router_auto_schedule = True

# Number of DHCP agents scheduled to host a network. This enables redundant
# DHCP agents for configured networks.
# dhcp_agents_per_network = 1
dhcp_agents_per_network = 1

# ===========  end of items for agent scheduler extension =====

# =========== WSGI parameters related to the API server ==============
# Number of separate worker processes to spawn.  The default, 0, runs the
# worker thread in the current process.  Greater than 0 launches that number of
# child processes as workers.  The parent process manages them.
# api_workers = 0
api_workers = 0

# Number of separate RPC worker processes to spawn.  The default, 0, runs the
# worker thread in the current process.  Greater than 0 launches that number of
# child processes as RPC workers.  The parent process manages them.
# This feature is experimental until issues are addressed and testing has been
# enabled for various plugins for compatibility.
# rpc_workers = 0

# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
# starting API server. Not supported on OS X.
# tcp_keepidle = 600

# Number of seconds to keep retrying to listen
# retry_until_window = 30

# Number of backlog requests to configure the socket with.
# backlog = 4096

# Max header line to accommodate large tokens
# max_header_line = 16384

# Enable SSL on the API server
# use_ssl = False
use_ssl = False

# Certificate file to use when starting API server securely
# ssl_cert_file = /path/to/certfile

# Private key file to use when starting API server securely
# ssl_key_file = /path/to/keyfile

# CA certificate file to use when starting API server securely to
# verify connecting clients. This is an optional parameter only required if
# API clients need to authenticate to the API server using SSL certificates
# signed by a trusted CA
# ssl_ca_file = /path/to/cafile
# ======== end of WSGI parameters related to the API server ==========


# ======== neutron nova interactions ==========
# Send notification to nova when port status is active.
# notify_nova_on_port_status_changes = False
notify_nova_on_port_status_changes = True

# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update its cache.
# notify_nova_on_port_data_changes = False
notify_nova_on_port_data_changes = True

# URL for connection to nova (Only supports one nova region currently).
# nova_url = http://127.0.0.1:8774/v2
nova_url = http://192.168.32.20:8774/v2

# Name of nova region to use. Useful if keystone manages more than one region
# nova_region_name =
nova_region_name =RegionOne

# Username for connection to nova in admin context
# nova_admin_username =
nova_admin_username =nova

# The uuid of the admin nova tenant
# nova_admin_tenant_id =
nova_admin_tenant_id =d3e2355e31b449cca9dd57fa5073ec2f

# Password for connection to nova in admin context.
# nova_admin_password =
nova_admin_password =secret

# Authorization URL for connection to nova in admin context.
# nova_admin_auth_url =
nova_admin_auth_url =http://192.168.32.20:35357/v2.0

# Number of seconds between sending events to nova if there are any events to send
# send_events_interval = 2
send_events_interval = 2

# ======== end of neutron nova interactions ==========
rabbit_use_ssl=False

[quotas]
# Default driver to use for quota checks
# quota_driver = neutron.db.quota_db.DbQuotaDriver

# Resource name(s) that are supported in quota features
# quota_items = network,subnet,port

# Default number of resource allowed per tenant. A negative value means
# unlimited.
# default_quota = -1

# Number of networks allowed per tenant. A negative value means unlimited.
# quota_network = 10

# Number of subnets allowed per tenant. A negative value means unlimited.
# quota_subnet = 10

# Number of ports allowed per tenant. A negative value means unlimited.
# quota_port = 50

# Number of security groups allowed per tenant. A negative value means
# unlimited.
# quota_security_group = 10

# Number of security group rules allowed per tenant. A negative value means
# unlimited.
# quota_security_group_rule = 100

# Number of vips allowed per tenant. A negative value means unlimited.
# quota_vip = 10

# Number of pools allowed per tenant. A negative value means unlimited.
# quota_pool = 10

# Number of pool members allowed per tenant. A negative value means unlimited.
# The default is unlimited because a member is not a real resource consumer
# on Openstack. However, on back-end, a member is a resource consumer
# and that is the reason why quota is possible.
# quota_member = -1

# Number of health monitors allowed per tenant. A negative value means
# unlimited.
# The default is unlimited because a health monitor is not a real resource
# consumer on Openstack. However, on back-end, a member is a resource consumer
# and that is the reason why quota is possible.
# quota_health_monitors = -1

# Number of routers allowed per tenant. A negative value means unlimited.
# quota_router = 10

# Number of floating IPs allowed per tenant. A negative value means unlimited.
# quota_floatingip = 50

[agent]
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the command directly
# root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

# =========== items for agent management extension =============
# seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time
# report_interval = 30
report_interval = 30

# ===========  end of items for agent management extension =====

[keystone_authtoken]
# auth_host = 127.0.0.1
auth_host = 192.168.32.20
# auth_port = 35357
auth_port = 35357
# auth_protocol = http
auth_protocol = http
# admin_tenant_name = %SERVICE_TENANT_NAME%
admin_tenant_name = services
# admin_user = %SERVICE_USER%
admin_user = neutron
# admin_password = %SERVICE_PASSWORD%
admin_password = secret
auth_uri=http://192.168.32.20:5000/

[database]
# This line MUST be changed to actually run the plugin.
# Example:
# connection = mysql://root:pass@127.0.0.1:3306/neutron
connection = mysql://neutron:secret@192.168.32.20/ovs_neutron
# Replace 127.0.0.1 above with the IP address of the database used by the
# main neutron server. (Leave it as is if the database runs on this host.)
# connection = sqlite://

# The SQLAlchemy connection string used to connect to the slave database
# slave_connection =

# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# max_retries = 10
max_retries = 10

# Database reconnection interval in seconds - if the initial connection to the
# database fails
# retry_interval = 10
retry_interval = 10

# Minimum number of SQL connections to keep open in a pool
# min_pool_size = 1

# Maximum number of SQL connections to keep open in a pool
# max_pool_size = 10

# Timeout in seconds before idle sql connections are reaped
# idle_timeout = 3600
idle_timeout = 3600

# If set, use this value for max_overflow with sqlalchemy
# max_overflow = 20

# Verbosity of SQL debugging information. 0=None, 100=Everything
# connection_debug = 0

# Add python stack traces to SQL as comment strings
# connection_trace = False

# If set, use this value for pool_timeout with sqlalchemy
# pool_timeout = 10

[service_providers]
# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
# Must be in form:
# service_provider=<service_type>:<name>:<driver>[:default]
# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
# Combination of <service type> and <name> must be unique; <driver> must also be unique
# This is multiline option, example for default provider:
# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
# example of non-default provider:
# service_provider=FIREWALL:name2:firewall_driver_path
# --- Reference implementations ---
# service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
# In order to activate Radware's lbaas driver you need to uncomment the next line.
# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
# Otherwise comment the HA Proxy line
# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
# uncomment the following line to make the 'netscaler' LBaaS provider available.
# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default

3. LDIF file for OpenLDAP
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example

# Groups, example.org
dn: ou=Groups,dc=example,dc=org
ou: Groups
objectClass: organizationalUnit

# Users, example.org
dn: ou=Users,dc=example,dc=org
ou: users
objectClass: organizationalUnit

# Roles, example.org
dn: ou=Roles,dc=example,dc=org
ou: roles
objectClass: organizationalUnit

# admin, Users, example.org
dn: cn=admin,ou=Users,dc=example,dc=org
cn: admin
objectClass: inetOrgPerson
objectClass: top
sn: admin
uid: admin
userPassword: secret

# demo, Users, example.org
dn: cn=demo,ou=Users,dc=example,dc=org
cn: demo
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword: demo

# cinder, Users, example.org
dn: cn=cinder,ou=Users,dc=example,dc=org
cn: cinder
objectClass: inetOrgPerson
objectClass: top
sn: cinder
uid: cinder
userPassword: secret

# glance, Users, example.org
dn: cn=glance,ou=Users,dc=example,dc=org
cn: glance
objectClass: inetOrgPerson
objectClass: top
sn: glance
uid: glance
userPassword: secret

# nova, Users, example.org
dn: cn=nova,ou=Users,dc=example,dc=org
cn: nova
objectClass: inetOrgPerson
objectClass: top
sn: nova
uid: nova
userPassword: secret

# neutron, Users, example.org
dn: cn=neutron,ou=Users,dc=example,dc=org
cn: neutron
objectClass: inetOrgPerson
objectClass: top
sn: neutron
uid: neutron
userPassword: secret

# enabled_users, Users, example.org
dn: cn=enabled_users,ou=Users,dc=example,dc=org
cn: enabled_users
member: cn=admin,ou=Users,dc=example,dc=org
member: cn=demo,ou=Users,dc=example,dc=org
member: cn=nova,ou=Users,dc=example,dc=org
member: cn=glance,ou=Users,dc=example,dc=org
member: cn=cinder,ou=Users,dc=example,dc=org
member: cn=neutron,ou=Users,dc=example,dc=org
objectClass: groupOfNames

# demo, Groups, example.org
dn: cn=demo,ou=Groups,dc=example,dc=org
cn: demo
objectClass: groupOfNames
member: cn=admin,ou=Users,dc=example,dc=org
member: cn=demo,ou=Users,dc=example,dc=org
member: cn=nova,ou=Users,dc=example,dc=org
member: cn=glance,ou=Users,dc=example,dc=org
member: cn=cinder,ou=Users,dc=example,dc=org
member: cn=neutron,ou=Users,dc=example,dc=org


# Member, demo, Groups, example.org
dn: cn=Member,cn=demo,ou=Groups,dc=example,dc=org
cn: member
description: Role associated with openstack users
objectClass: organizationalRole
roleOccupant: cn=demo,ou=Users,dc=example,dc=org

# admin, demo, Groups, example.org
dn: cn=admin,cn=demo,ou=Groups,dc=example,dc=org
cn: admin
description: Role associated with openstack users
objectClass: organizationalRole
roleOccupant: cn=admin,ou=Users,dc=example,dc=org
roleOccupant: cn=nova,ou=Users,dc=example,dc=org
roleOccupant: cn=glance,ou=Users,dc=example,dc=org
roleOccupant: cn=cinder,ou=Users,dc=example,dc=org
roleOccupant: cn=neutron,ou=Users,dc=example,dc=org


# services, Groups, example.org
dn: cn=services,ou=Groups,dc=example,dc=org
cn: services
objectClass: groupOfNames
member: cn=admin,ou=Users,dc=example,dc=org
member: cn=demo,ou=Users,dc=example,dc=org
member: cn=nova,ou=Users,dc=example,dc=org
member: cn=glance,ou=Users,dc=example,dc=org
member: cn=cinder,ou=Users,dc=example,dc=org
member: cn=neutron,ou=Users,dc=example,dc=org

# admin, services, Groups, example.org
dn: cn=admin,cn=services,ou=Groups,dc=example,dc=org
cn: admin
description: Role associated with openstack users
objectClass: organizationalRole
roleOccupant: cn=admin,ou=Users,dc=example,dc=org
roleOccupant: cn=nova,ou=Users,dc=example,dc=org
roleOccupant: cn=glance,ou=Users,dc=example,dc=org
roleOccupant: cn=cinder,ou=Users,dc=example,dc=org
roleOccupant: cn=neutron,ou=Users,dc=example,dc=org

# admin, Groups, example.org
dn: cn=admin,ou=Groups,dc=example,dc=org
cn: admin
objectClass: groupOfNames
member: cn=admin,ou=Users,dc=example,dc=org
member: cn=demo,ou=Users,dc=example,dc=org
member: cn=nova,ou=Users,dc=example,dc=org
member: cn=glance,ou=Users,dc=example,dc=org
member: cn=cinder,ou=Users,dc=example,dc=org
member: cn=neutron,ou=Users,dc=example,dc=org

# admin, admin, Groups, example.org
dn: cn=admin,cn=admin,ou=Groups,dc=example,dc=org
cn: admin
description: Role associated with openstack users
objectClass: organizationalRole
roleOccupant: cn=admin,ou=Users,dc=example,dc=org
roleOccupant: cn=nova,ou=Users,dc=example,dc=org
roleOccupant: cn=glance,ou=Users,dc=example,dc=org
roleOccupant: cn=cinder,ou=Users,dc=example,dc=org
roleOccupant: cn=neutron,ou=Users,dc=example,dc=org

# Member, Roles, example.org
dn: cn=Member,ou=Roles,dc=example,dc=org
cn: member
description: Role associated with openstack users
objectClass: organizationalRole
roleOccupant: cn=demo,ou=Users,dc=example,dc=org

# admin, Roles, example.org
dn: cn=admin,ou=Roles,dc=example,dc=org
cn: admin
description: Role associated with openstack users
objectClass: organizationalRole
roleOccupant: cn=admin,ou=Users,dc=example,dc=org
roleOccupant: cn=nova,ou=Users,dc=example,dc=org
roleOccupant: cn=glance,ou=Users,dc=example,dc=org
roleOccupant: cn=cinder,ou=Users,dc=example,dc=org
roleOccupant: cn=neutron,ou=Users,dc=example,dc=org


On Wed, Sep 10, 2014 at 11:56 AM, Rasanjaya Subasinghe <rasaposha at gmail.com>
wrote:

>
> Hi,
> Sorry for the inconvenience, sir. I have herewith attached the
> keystone.conf, neutron.conf and LDAP ldif file.
> It's CentOS 6.5, a control and 3 compute node setup, an in-house cloud, and
> without the LDAP keystone settings (
> driver=keystone.identity.backends.ldap.Identity) everything is working fine.
> Those are:
> 1. Instances spawn perfectly,
> 2. live migration works perfectly.
> Then trying to configure keystone with the LDAP driver gives that error in
> the neutron server.log.
>         3. This setup was tested without ml2, and even the ml2 test ends
> with the same issue.
> I will attach the LDAP file and neutron file.
> *keystone version 0.9.0
>
>
>
>
>
> Below is the neutron error shown in compute.log
>
> On Wed, Sep 10, 2014 at 11:52 AM, Rasanjaya Subasinghe <
> rasaposha at gmail.com> wrote:
>
>>
>> On Sep 9, 2014, at 8:09 PM, Rasanjaya Subasinghe <Rasaposha at gmail.com>
>> wrote:
>>
>>
>> Hi Kashyap,
>> It's CentOS 6.5, a control and 3 compute node setup, an in-house cloud, and
>> without the LDAP keystone settings (
>> driver=keystone.identity.backends.ldap.Identity) everything is working
>> fine. Those are:
>> 1. Instances spawn perfectly,
>> 2. live migration works perfectly.
>> Then trying to configure keystone with the LDAP driver gives that error in
>> the neutron server.log.
>>         3. This setup was tested without ml2, and even the ml2 test ends
>> with the same issue.
>> I will attach the LDAP file and neutron file.
>> *keystone version 0.9.0
>> <keystone.conf>
>> <neutron.conf>
>> <staging.ldif>
>> Below is the neutron error shown in compute.log
>>
>> <Screen Shot 2014-09-09 at 8.08.25 PM.png>
>>
>> cheers,
>> thanks
>> Begin forwarded message:
>>
>> *From: *Kashyap Chamarthy <kchamart at redhat.com>
>> *Subject: **Re: [Rdo-list] icehouse ldap integration*
>> *Date: *September 9, 2014 at 7:27:59 PM GMT+5:30
>> *To: *Rasanjaya Subasinghe <rasaposha at gmail.com>
>> *Cc: *rdo-list at redhat.com
>>
>> On Tue, Sep 09, 2014 at 06:19:56PM +0530, Rasanjaya Subasinghe wrote:
>>
>>
>> Hi,
>> I tried to configure openstack ice house with LDAP and all things
>> go well except a neutron issue; this is the issue which appears in the
>> server.log file of the neutron service.
>>
>> Can you guide me in this matter? Thanks for the help.
>>
>>
>> This information you've provided is not sufficient to give any
>> meaningful response.
>>
>> At a minimum, if anyone has to help you diagnose your issue, you need
>> to provide:
>>
>>  - Describe in more detail what you mean by "configure
>>    openstack ice house with LDAP".
>>  - What is the test you're trying to perform? An exact reproducer would
>>    be very useful.
>>  - What is the exact error message you see? Contextual logs/errors from
>>    Keystone/Nova.
>>  - Exact versions of Keystone, and other relevant packages.
>>  - What OS? Fedora? CentOS? Something else?
>>  - Probably, provide config files for /etc/keystone/keystone.conf and
>>    relevant Neutron config files (preferably uploaded somewhere in
>>    *plain text*).
>>
>>
>> --
>> /kashyap
>>
>>
>>
>>
>
>
> --
> Rasanjaya Subasinghe
>



-- 
Rasanjaya Subasinghe
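
An added example, not part of the original post: a Python check of the keystone LDAP options and LDIF above for a cleartext `ldap://` bind, a short bind password, `userPassword` values stored without a hash scheme, and user entries missing from the `user_enabled_emulation_dn` group. The `[ldap]` section header, the `backup` entry with its `{SSHA}` placeholder, and the 12-character threshold are assumptions made for the example.

```python
import configparser

MIN_BIND_PASSWORD_LEN = 12  # example policy threshold, not a Keystone setting

# Constructed excerpt of the posted options; the [ldap] header is an assumption.
KEYSTONE_CONF = """
[ldap]
url = ldap://192.168.16.100
user = cn=admin,dc=example,dc=org
password = 123
user_tree_dn = ou=Users,dc=example,dc=org
user_objectclass = inetOrgPerson
user_enabled_emulation = True
user_enabled_emulation_dn = cn=enabled_users,ou=Users,dc=example,dc=org
"""

# Constructed LDIF: "backup" and its {SSHA} value are placeholders, not from the post.
LDIF = """
dn: cn=neutron,ou=Users,dc=example,dc=org
cn: neutron
objectClass: inetOrgPerson
userPassword: secret

dn: cn=backup,ou=Users,dc=example,dc=org
cn: backup
objectClass: inetOrgPerson
userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER

dn: cn=enabled_users,ou=Users,dc=example,dc=org
cn: enabled_users
objectClass: groupOfNames
member: cn=neutron,ou=Users,dc=example,dc=org
"""


def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into a list of {attr_lower: [values]}.

    Folded lines and base64 ('attr::') values are not handled.
    """
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():          # a blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def audit(conf_text, ldif_text):
    """Return a list of (kind, detail) findings for the [ldap] section and LDIF."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    ldap = cfg["ldap"]
    findings = []

    url = ldap.get("url", "")
    if url.startswith("ldap://") and not ldap.getboolean("use_tls", fallback=False):
        findings.append(("transport", "bind and user passwords sent in cleartext to " + url))
    if len(ldap.get("password", "")) < MIN_BIND_PASSWORD_LEN:
        findings.append(("bind-password", "short bind password for " + ldap.get("user", "")))

    # DNs are compared as lowercased strings; no further DN normalisation is done.
    by_dn = {e["dn"][0].lower(): e for e in parse_ldif(ldif_text) if "dn" in e}
    tree = "," + ldap.get("user_tree_dn", "").lower()
    objclass = ldap.get("user_objectclass", "inetOrgPerson").lower()
    users = {dn: e for dn, e in by_dn.items()
             if dn.endswith(tree)
             and objclass in [v.lower() for v in e.get("objectclass", [])]}

    for dn, entry in sorted(users.items()):
        for pw in entry.get("userpassword", []):
            if not pw.startswith("{"):   # no {SCHEME} prefix: value is the password itself
                findings.append(("cleartext-userPassword", dn))

    # With user_enabled_emulation, membership of this group is the enabled flag.
    if ldap.getboolean("user_enabled_emulation", fallback=False):
        group = by_dn.get(ldap.get("user_enabled_emulation_dn", "").lower(), {})
        enabled = {m.lower() for m in group.get("member", [])}
        for dn in sorted(set(users) - enabled):
            findings.append(("not-enabled", dn))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(KEYSTONE_CONF, LDIF):
        print(kind, "->", detail)
```

An `ldaps://` URL or `use_tls = True` clears the transport finding; Keystone's `[ldap]` section also accepts `tls_cacertfile` and `tls_req_cert` for certificate verification.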