[Rdo-list] icehouse ldap integration

Rasanjaya Subasinghe rasaposha at gmail.com
Wed Sep 10 06:33:04 UTC 2014


Hi sir,

I will provide more details to reproduce the issue.

cheers

On Wed, Sep 10, 2014 at 12:02 PM, Rasanjaya Subasinghe <rasaposha at gmail.com>
wrote:

> Hi Kashyap,
>
> This is the configuration I have made to integrate with LDAP:
>
> 1. keystone.conf
>
> url = ldap://192.168.16.100
>
> user = cn=admin,dc=example,dc=org
>
> password = 123
>
> suffix = dc=example,dc=org
>
>
> user_tree_dn = ou=Users,dc=example,dc=org
>
> user_objectclass = inetOrgPerson
>
> user_id_attribute = cn
>
> user_name_attribute = cn
>
> user_pass_attribute = userPassword
>
> user_enabled_emulation = True
>
> user_enabled_emulation_dn = cn=enabled_users,ou=Users,dc=example,dc=org
>
> user_allow_create = False
>
> user_allow_update = False
>
> user_allow_delete = False
>
>
> tenant_tree_dn = ou=Groups,dc=example,dc=org
>
> tenant_objectclass = groupOfNames
>
> tenant_id_attribute = cn
>
> #tenant_domain_id_attribute = businessCategory
>
> #tenant_domain_id_attribute = cn
>
> tenant_member_attribute = member
>
> tenant_name_attribute = cn
>
> tenant_domain_id_attribute = None
>
> tenant_allow_create = False
>
> tenant_allow_update = False
>
> tenant_allow_delete = False
>
>
>
> role_tree_dn = ou=Roles,dc=example,dc=org
>
> role_objectclass = organizationalRole
>
> role_member_attribute = roleOccupant
>
> role_id_attribute = cn
>
> role_name_attribute = cn
>
> role_allow_create = False
>
> role_allow_update = False
>
> role_allow_delete = False
>
> *2.neutron.conf*
>
> [DEFAULT]
> # Print more verbose output (set logging level to INFO instead of default WARNING level).
> # verbose = True
> verbose = True
>
> # Print debugging output (set logging level to DEBUG instead of default WARNING level).
> # debug = False
> debug = True
>
> # Where to store Neutron state files.  This directory must be writable by the
> # user executing the agent.
> # state_path = /var/lib/neutron
>
> # Where to store lock files
> # lock_path = $state_path/lock
>
> # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
> # log_date_format = %Y-%m-%d %H:%M:%S
>
> # use_syslog                           -> syslog
> # log_file and log_dir                 -> log_dir/log_file
> # (not log_file) and log_dir           -> log_dir/{binary_name}.log
> # use_stderr                           -> stderr
> # (not user_stderr) and (not log_file) -> stdout
> # publish_errors                       -> notification system
>
> # use_syslog = False
> use_syslog = False
> # syslog_log_facility = LOG_USER
>
> # use_stderr = False
> # log_file =
> # log_dir =
> log_dir =/var/log/neutron
>
> # publish_errors = False
>
> # Address to bind the API server to
> # bind_host = 0.0.0.0
> bind_host = 0.0.0.0
>
> # Port to bind the API server to
> # bind_port = 9696
> bind_port = 9696
>
> # Path to the extensions.  Note that this can be a colon-separated list of
> # paths.  For example:
> # api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
> # The __path__ of neutron.extensions is appended to this, so if your
> # extensions are in there you don't need to specify them here
> # api_extensions_path =
>
> # (StrOpt) Neutron core plugin entrypoint to be loaded from the
> # neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
> # plugins included in the neutron source distribution. For compatibility with
> # previous versions, the class name of a plugin can be specified instead of its
> # entrypoint name.
> #
> # core_plugin =
> core_plugin =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
> # Example: core_plugin = ml2
>
> # (ListOpt) List of service plugin entrypoints to be loaded from the
> # neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
> # the plugins included in the neutron source distribution. For compatibility
> # with previous versions, the class name of a plugin can be specified instead
> # of its entrypoint name.
> #
> # service_plugins =
> service_plugins =neutron.services.firewall.fwaas_plugin.FirewallPlugin
> # Example: service_plugins = router,firewall,lbaas,vpnaas,metering
>
> # Paste configuration file
> # api_paste_config = /usr/share/neutron/api-paste.ini
>
> # The strategy to be used for auth.
> # Supported values are 'keystone'(default), 'noauth'.
> # auth_strategy = noauth
> auth_strategy = keystone
>
> # Base MAC address. The first 3 octets will remain unchanged. If the
> # 4th octet is not 00, it will also be used. The others will be
> # randomly generated.
> # 3 octet
> # base_mac = fa:16:3e:00:00:00
> base_mac = fa:16:3e:00:00:00
> # 4 octet
> # base_mac = fa:16:3e:4f:00:00
>
> # Maximum amount of retries to generate a unique MAC address
> # mac_generation_retries = 16
> mac_generation_retries = 16
>
> # DHCP Lease duration (in seconds)
> # dhcp_lease_duration = 86400
> dhcp_lease_duration = 86400
>
> # Allow sending resource operation notification to DHCP agent
> # dhcp_agent_notification = True
>
> # Enable or disable bulk create/update/delete operations
> # allow_bulk = True
> allow_bulk = True
> # Enable or disable pagination
> # allow_pagination = False
> allow_pagination = False
> # Enable or disable sorting
> # allow_sorting = False
> allow_sorting = False
> # Enable or disable overlapping IPs for subnets
> # Attention: the following parameter MUST be set to False if Neutron is
> # being used in conjunction with nova security groups
> # allow_overlapping_ips = True
> allow_overlapping_ips = True
> # Ensure that configured gateway is on subnet
> # force_gateway_on_subnet = False
>
>
> # RPC configuration options. Defined in rpc __init__
> # The messaging module to use, defaults to kombu.
> # rpc_backend = neutron.openstack.common.rpc.impl_kombu
> rpc_backend = neutron.openstack.common.rpc.impl_kombu
> # Size of RPC thread pool
> # rpc_thread_pool_size = 64
> # Size of RPC connection pool
> # rpc_conn_pool_size = 30
> # Seconds to wait for a response from call or multicall
> # rpc_response_timeout = 60
> # Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
> # rpc_cast_timeout = 30
> # Modules of exceptions that are permitted to be recreated
> # upon receiving exception data from an rpc call.
> # allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
> # AMQP exchange to connect to if using RabbitMQ or QPID
> # control_exchange = neutron
> control_exchange = neutron
>
> # If passed, use a fake RabbitMQ provider
> # fake_rabbit = False
>
> # Configuration options if sending notifications via kombu rpc (these are
> # the defaults)
> # SSL version to use (valid only if SSL enabled)
> # kombu_ssl_version =
> # SSL key file (valid only if SSL enabled)
> # kombu_ssl_keyfile =
> # SSL cert file (valid only if SSL enabled)
> # kombu_ssl_certfile =
> # SSL certification authority file (valid only if SSL enabled)
> # kombu_ssl_ca_certs =
> # IP address of the RabbitMQ installation
> # rabbit_host = localhost
> rabbit_host = 192.168.32.20
> # Password of the RabbitMQ server
> # rabbit_password = guest
> rabbit_password = guest
> # Port where RabbitMQ server is running/listening
> # rabbit_port = 5672
> rabbit_port = 5672
> # RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
> # rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
> # rabbit_hosts = localhost:5672
> rabbit_hosts = 192.168.32.20:5672
> # User ID used for RabbitMQ connections
> # rabbit_userid = guest
> rabbit_userid = guest
> # Location of a virtual RabbitMQ installation.
> # rabbit_virtual_host = /
> rabbit_virtual_host = /
> # Maximum retries with trying to connect to RabbitMQ
> # (the default of 0 implies an infinite retry count)
> # rabbit_max_retries = 0
> # RabbitMQ connection retry interval
> # rabbit_retry_interval = 1
> # Use HA queues in RabbitMQ (x-ha-policy: all). You need to
> # wipe RabbitMQ database when changing this option. (boolean value)
> # rabbit_ha_queues = false
> rabbit_ha_queues = False
>
> # QPID
> # rpc_backend=neutron.openstack.common.rpc.impl_qpid
> # Qpid broker hostname
> # qpid_hostname = localhost
> # Qpid broker port
> # qpid_port = 5672
> # Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
> # qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
> # qpid_hosts = localhost:5672
> # Username for qpid connection
> # qpid_username = ''
> # Password for qpid connection
> # qpid_password = ''
> # Space separated list of SASL mechanisms to use for auth
> # qpid_sasl_mechanisms = ''
> # Seconds between connection keepalive heartbeats
> # qpid_heartbeat = 60
> # Transport to use, either 'tcp' or 'ssl'
> # qpid_protocol = tcp
> # Disable Nagle algorithm
> # qpid_tcp_nodelay = True
>
> # ZMQ
> # rpc_backend=neutron.openstack.common.rpc.impl_zmq
> # ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
> # The "host" option should point or resolve to this address.
> # rpc_zmq_bind_address = *
>
> # ============ Notification System Options =====================
>
> # Notifications can be sent when network/subnet/port are created, updated or deleted.
> # There are three methods of sending notifications: logging (via the
> # log_file directive), rpc (via a message queue) and
> # noop (no notifications sent, the default)
>
> # Notification_driver can be defined multiple times
> # Do nothing driver
> # notification_driver = neutron.openstack.common.notifier.no_op_notifier
> # Logging driver
> # notification_driver = neutron.openstack.common.notifier.log_notifier
> # RPC driver.
> # notification_driver = neutron.openstack.common.notifier.rpc_notifier
>
> # default_notification_level is used to form actual topic name(s) or to set logging level
> # default_notification_level = INFO
>
> # default_publisher_id is a part of the notification payload
> # host = myhost.com
> # default_publisher_id = $host
>
> # Defined in rpc_notifier, can be comma separated values.
> # The actual topic names will be %s.%(default_notification_level)s
> # notification_topics = notifications
>
> # Default maximum number of items returned in a single response,
> # value == infinite and value < 0 means no max limit, and value must
> # be greater than 0. If the number of items requested is greater than
> # pagination_max_limit, server will just return pagination_max_limit
> # of number of items.
> # pagination_max_limit = -1
>
> # Maximum number of DNS nameservers per subnet
> # max_dns_nameservers = 5
>
> # Maximum number of host routes per subnet
> # max_subnet_host_routes = 20
>
> # Maximum number of fixed ips per port
> # max_fixed_ips_per_port = 5
>
> # =========== items for agent management extension =============
> # Seconds to regard the agent as down; should be at least twice
> # report_interval, to be sure the agent is down for good
> # agent_down_time = 75
> agent_down_time = 75
> # ===========  end of items for agent management extension =====
>
> # =========== items for agent scheduler extension =============
> # Driver to use for scheduling network to DHCP agent
> # network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
> # Driver to use for scheduling router to a default L3 agent
> # router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
> router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
> # Driver to use for scheduling a loadbalancer pool to an lbaas agent
> # loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
>
> # Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
> # networks to first DHCP agent which sends get_active_networks message to
> # neutron server
> # network_auto_schedule = True
>
> # Allow auto scheduling routers to L3 agent. It will schedule non-hosted
> # routers to first L3 agent which sends sync_routers message to neutron server
> # router_auto_schedule = True
>
> # Number of DHCP agents scheduled to host a network. This enables redundant
> # DHCP agents for configured networks.
> # dhcp_agents_per_network = 1
> dhcp_agents_per_network = 1
>
> # ===========  end of items for agent scheduler extension =====
>
> # =========== WSGI parameters related to the API server ==============
> # Number of separate worker processes to spawn.  The default, 0, runs the
> # worker thread in the current process.  Greater than 0 launches that number of
> # child processes as workers.  The parent process manages them.
> # api_workers = 0
> api_workers = 0
>
> # Number of separate RPC worker processes to spawn.  The default, 0, runs the
> # worker thread in the current process.  Greater than 0 launches that number of
> # child processes as RPC workers.  The parent process manages them.
> # This feature is experimental until issues are addressed and testing has been
> # enabled for various plugins for compatibility.
> # rpc_workers = 0
>
> # Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
> # starting API server. Not supported on OS X.
> # tcp_keepidle = 600
>
> # Number of seconds to keep retrying to listen
> # retry_until_window = 30
>
> # Number of backlog requests to configure the socket with.
> # backlog = 4096
>
> # Max header line to accommodate large tokens
> # max_header_line = 16384
>
> # Enable SSL on the API server
> # use_ssl = False
> use_ssl = False
>
> # Certificate file to use when starting API server securely
> # ssl_cert_file = /path/to/certfile
>
> # Private key file to use when starting API server securely
> # ssl_key_file = /path/to/keyfile
>
> # CA certificate file to use when starting API server securely to
> # verify connecting clients. This is an optional parameter only required if
> # API clients need to authenticate to the API server using SSL certificates
> # signed by a trusted CA
> # ssl_ca_file = /path/to/cafile
> # ======== end of WSGI parameters related to the API server ==========
>
>
> # ======== neutron nova interactions ==========
> # Send notification to nova when port status is active.
> # notify_nova_on_port_status_changes = False
> notify_nova_on_port_status_changes = True
>
> # Send notifications to nova when port data (fixed_ips/floatingips) change
> # so nova can update its cache.
> # notify_nova_on_port_data_changes = False
> notify_nova_on_port_data_changes = True
>
> # URL for connection to nova (Only supports one nova region currently).
> # nova_url = http://127.0.0.1:8774/v2
> nova_url = http://192.168.32.20:8774/v2
>
> # Name of nova region to use. Useful if keystone manages more than one region
> # nova_region_name =
> nova_region_name =RegionOne
>
> # Username for connection to nova in admin context
> # nova_admin_username =
> nova_admin_username =nova
>
> # The uuid of the admin nova tenant
> # nova_admin_tenant_id =
> nova_admin_tenant_id =d3e2355e31b449cca9dd57fa5073ec2f
>
> # Password for connection to nova in admin context.
> # nova_admin_password =
> nova_admin_password =secret
>
> # Authorization URL for connection to nova in admin context.
> # nova_admin_auth_url =
> nova_admin_auth_url =http://192.168.32.20:35357/v2.0
>
> # Number of seconds between sending events to nova if there are any events to send
> # send_events_interval = 2
> send_events_interval = 2
>
> # ======== end of neutron nova interactions ==========
> rabbit_use_ssl=False
>
> [quotas]
> # Default driver to use for quota checks
> # quota_driver = neutron.db.quota_db.DbQuotaDriver
>
> # Resource name(s) that are supported in quota features
> # quota_items = network,subnet,port
>
> # Default number of resource allowed per tenant. A negative value means
> # unlimited.
> # default_quota = -1
>
> # Number of networks allowed per tenant. A negative value means unlimited.
> # quota_network = 10
>
> # Number of subnets allowed per tenant. A negative value means unlimited.
> # quota_subnet = 10
>
> # Number of ports allowed per tenant. A negative value means unlimited.
> # quota_port = 50
>
> # Number of security groups allowed per tenant. A negative value means
> # unlimited.
> # quota_security_group = 10
>
> # Number of security group rules allowed per tenant. A negative value means
> # unlimited.
> # quota_security_group_rule = 100
>
> # Number of vips allowed per tenant. A negative value means unlimited.
> # quota_vip = 10
>
> # Number of pools allowed per tenant. A negative value means unlimited.
> # quota_pool = 10
>
> # Number of pool members allowed per tenant. A negative value means unlimited.
> # The default is unlimited because a member is not a real resource consumer
> # on Openstack. However, on back-end, a member is a resource consumer
> # and that is the reason why quota is possible.
> # quota_member = -1
>
> # Number of health monitors allowed per tenant. A negative value means
> # unlimited.
> # The default is unlimited because a health monitor is not a real resource
> # consumer on Openstack. However, on back-end, a member is a resource consumer
> # and that is the reason why quota is possible.
> # quota_health_monitors = -1
>
> # Number of routers allowed per tenant. A negative value means unlimited.
> # quota_router = 10
>
> # Number of floating IPs allowed per tenant. A negative value means unlimited.
> # quota_floatingip = 50
>
> [agent]
> # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
> # root filter facility.
> # Change to "sudo" to skip the filtering and just run the command directly
> # root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
> root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
>
> # =========== items for agent management extension =============
> # seconds between nodes reporting state to server; should be less than
> # agent_down_time, best if it is half or less than agent_down_time
> # report_interval = 30
> report_interval = 30
>
> # ===========  end of items for agent management extension =====
>
> [keystone_authtoken]
> # auth_host = 127.0.0.1
> auth_host = 192.168.32.20
> # auth_port = 35357
> auth_port = 35357
> # auth_protocol = http
> auth_protocol = http
> # admin_tenant_name = %SERVICE_TENANT_NAME%
> admin_tenant_name = services
> # admin_user = %SERVICE_USER%
> admin_user = neutron
> # admin_password = %SERVICE_PASSWORD%
> admin_password = secret
> auth_uri=http://192.168.32.20:5000/
>
> [database]
> # This line MUST be changed to actually run the plugin.
> # Example:
> # connection = mysql://root:pass@127.0.0.1:3306/neutron
> connection = mysql://neutron:secret@192.168.32.20/ovs_neutron
> # Replace 127.0.0.1 above with the IP address of the database used by the
> # main neutron server. (Leave it as is if the database runs on this host.)
> # connection = sqlite://
>
> # The SQLAlchemy connection string used to connect to the slave database
> # slave_connection =
>
> # Database reconnection retry times - in event connectivity is lost
> # set to -1 implies an infinite retry count
> # max_retries = 10
> max_retries = 10
>
> # Database reconnection interval in seconds - if the initial connection to the
> # database fails
> # retry_interval = 10
> retry_interval = 10
>
> # Minimum number of SQL connections to keep open in a pool
> # min_pool_size = 1
>
> # Maximum number of SQL connections to keep open in a pool
> # max_pool_size = 10
>
> # Timeout in seconds before idle sql connections are reaped
> # idle_timeout = 3600
> idle_timeout = 3600
>
> # If set, use this value for max_overflow with sqlalchemy
> # max_overflow = 20
>
> # Verbosity of SQL debugging information. 0=None, 100=Everything
> # connection_debug = 0
>
> # Add python stack traces to SQL as comment strings
> # connection_trace = False
>
> # If set, use this value for pool_timeout with sqlalchemy
> # pool_timeout = 10
>
> [service_providers]
> # Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
> # Must be in form:
> # service_provider=<service_type>:<name>:<driver>[:default]
> # List of allowed service types includes LOADBALANCER, FIREWALL, VPN
> # Combination of <service type> and <name> must be unique; <driver> must also be unique
> # This is multiline option, example for default provider:
> # service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
> # example of non-default provider:
> # service_provider=FIREWALL:name2:firewall_driver_path
> # --- Reference implementations ---
> # service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
>
> service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
> # In order to activate Radware's lbaas driver you need to uncomment the next line.
> # If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
> # Otherwise comment the HA Proxy line
> # service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
> # uncomment the following line to make the 'netscaler' LBaaS provider available.
> # service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
> # Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
> # service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
> # Uncomment the line below to use Embrane heleos as Load Balancer service provider.
> # service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
>
> *3.Ldif.file for openLDAP*
> # extended LDIF
> #
> # LDAPv3
> # base <dc=example,dc=org> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # example.org
> dn: dc=example,dc=org
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: example Inc
> dc: example
>
> # Groups, example.org
> dn: ou=Groups,dc=example,dc=org
> ou: Groups
> objectClass: organizationalUnit
>
> # Users, example.org
> dn: ou=Users,dc=example,dc=org
> ou: users
> objectClass: organizationalUnit
>
> # Roles, example.org
> dn: ou=Roles,dc=example,dc=org
> ou: roles
> objectClass: organizationalUnit
>
> # admin, Users, example.org
> dn: cn=admin,ou=Users,dc=example,dc=org
> cn: admin
> objectClass: inetOrgPerson
> objectClass: top
> sn: admin
> uid: admin
> userPassword: secret
>
> # demo, Users, example.org
> dn: cn=demo,ou=Users,dc=example,dc=org
> cn: demo
> objectClass: inetOrgPerson
> objectClass: top
> sn: demo
> uid: demo
> userPassword: demo
>
> # cinder, Users, example.org
> dn: cn=cinder,ou=Users,dc=example,dc=org
> cn: cinder
> objectClass: inetOrgPerson
> objectClass: top
> sn: cinder
> uid: cinder
> userPassword: secret
>
> # glance, Users, example.org
> dn: cn=glance,ou=Users,dc=example,dc=org
> cn: glance
> objectClass: inetOrgPerson
> objectClass: top
> sn: glance
> uid: glance
> userPassword: secret
>
> # nova, Users, example.org
> dn: cn=nova,ou=Users,dc=example,dc=org
> cn: nova
> objectClass: inetOrgPerson
> objectClass: top
> sn: nova
> uid: nova
> userPassword: secret
>
> # neutron, Users, example.org
> dn: cn=neutron,ou=Users,dc=example,dc=org
> cn: neutron
> objectClass: inetOrgPerson
> objectClass: top
> sn: neutron
> uid: neutron
> userPassword: secret
>
> # enabled_users, Users, example.org
> dn: cn=enabled_users,ou=Users,dc=example,dc=org
> cn: enabled_users
> member: cn=admin,ou=Users,dc=example,dc=org
> member: cn=demo,ou=Users,dc=example,dc=org
> member: cn=nova,ou=Users,dc=example,dc=org
> member: cn=glance,ou=Users,dc=example,dc=org
> member: cn=cinder,ou=Users,dc=example,dc=org
> member: cn=neutron,ou=Users,dc=example,dc=org
> objectClass: groupOfNames
>
> # demo, Groups, example.org
> dn: cn=demo,ou=Groups,dc=example,dc=org
> cn: demo
> objectClass: groupOfNames
> member: cn=admin,ou=Users,dc=example,dc=org
> member: cn=demo,ou=Users,dc=example,dc=org
> member: cn=nova,ou=Users,dc=example,dc=org
> member: cn=glance,ou=Users,dc=example,dc=org
> member: cn=cinder,ou=Users,dc=example,dc=org
> member: cn=neutron,ou=Users,dc=example,dc=org
>
>
> # Member, demo, Groups, example.org
> dn: cn=Member,cn=demo,ou=Groups,dc=example,dc=org
> cn: member
> description: Role associated with openstack users
> objectClass: organizationalRole
> roleOccupant: cn=demo,ou=Users,dc=example,dc=org
>
> # admin, demo, Groups, example.org
> dn: cn=admin,cn=demo,ou=Groups,dc=example,dc=org
> cn: admin
> description: Role associated with openstack users
> objectClass: organizationalRole
> roleOccupant: cn=admin,ou=Users,dc=example,dc=org
> roleOccupant: cn=nova,ou=Users,dc=example,dc=org
> roleOccupant: cn=glance,ou=Users,dc=example,dc=org
> roleOccupant: cn=cinder,ou=Users,dc=example,dc=org
> roleOccupant: cn=neutron,ou=Users,dc=example,dc=org
>
>
> # services, Groups, example.org
> dn: cn=services,ou=Groups,dc=example,dc=org
> cn: services
> objectClass: groupOfNames
> member: cn=admin,ou=Users,dc=example,dc=org
> member: cn=demo,ou=Users,dc=example,dc=org
> member: cn=nova,ou=Users,dc=example,dc=org
> member: cn=glance,ou=Users,dc=example,dc=org
> member: cn=cinder,ou=Users,dc=example,dc=org
> member: cn=neutron,ou=Users,dc=example,dc=org
>
> # admin, services, Groups, example.org
> dn: cn=admin,cn=services,ou=Groups,dc=example,dc=org
> cn: admin
> description: Role associated with openstack users
> objectClass: organizationalRole
> roleOccupant: cn=admin,ou=Users,dc=example,dc=org
> roleOccupant: cn=nova,ou=Users,dc=example,dc=org
> roleOccupant: cn=glance,ou=Users,dc=example,dc=org
> roleOccupant: cn=cinder,ou=Users,dc=example,dc=org
> roleOccupant: cn=neutron,ou=Users,dc=example,dc=org
>
> # admin, Groups, example.org
> dn: cn=admin,ou=Groups,dc=example,dc=org
> cn: admin
> objectClass: groupOfNames
> member: cn=admin,ou=Users,dc=example,dc=org
> member: cn=demo,ou=Users,dc=example,dc=org
> member: cn=nova,ou=Users,dc=example,dc=org
> member: cn=glance,ou=Users,dc=example,dc=org
> member: cn=cinder,ou=Users,dc=example,dc=org
> member: cn=neutron,ou=Users,dc=example,dc=org
>
> # admin, admin, Groups, example.org
> dn: cn=admin,cn=admin,ou=Groups,dc=example,dc=org
> cn: admin
> description: Role associated with openstack users
> objectClass: organizationalRole
> roleOccupant: cn=admin,ou=Users,dc=example,dc=org
> roleOccupant: cn=nova,ou=Users,dc=example,dc=org
> roleOccupant: cn=glance,ou=Users,dc=example,dc=org
> roleOccupant: cn=cinder,ou=Users,dc=example,dc=org
> roleOccupant: cn=neutron,ou=Users,dc=example,dc=org
>
> # Member, Roles, example.org
> dn: cn=Member,ou=Roles,dc=example,dc=org
> cn: member
> description: Role associated with openstack users
> objectClass: organizationalRole
> roleOccupant: cn=demo,ou=Users,dc=example,dc=org
>
> # admin, Roles, example.org
> dn: cn=admin,ou=Roles,dc=example,dc=org
> cn: admin
> description: Role associated with openstack users
> objectClass: organizationalRole
> roleOccupant: cn=admin,ou=Users,dc=example,dc=org
> roleOccupant: cn=nova,ou=Users,dc=example,dc=org
> roleOccupant: cn=glance,ou=Users,dc=example,dc=org
> roleOccupant: cn=cinder,ou=Users,dc=example,dc=org
> roleOccupant: cn=neutron,ou=Users,dc=example,dc=org
>
>
> On Wed, Sep 10, 2014 at 11:56 AM, Rasanjaya Subasinghe <
> rasaposha at gmail.com> wrote:
>
>>
>> Hi,
>> Sorry for the inconvenience, sir. I have herewith attached the
>> keystone.conf, neutron.conf and LDAP ldif file.
>> It's a CentOS 6.5 in-house cloud with a control node and 3 compute nodes, and
>> without the LDAP keystone settings (
>> driver=keystone.identity.backends.ldap.Identity) everything works
>> fine. Those are:
>> 1. Instances spawn perfectly.
>> 2. Live migration works perfectly.
>> Then trying to configure keystone with the LDAP driver gives that error in
>> the neutron server.log.
>> 3. This setup was tested without ml2, and even the ml2 test ends
>> with the same issue.
>> I will attach the LDAP file and neutron file.
>> *keystone version 0.9.0
>>
>>
>>
>>
>>
>> Below is the neutron error shown in compute.log.
>>
>> On Wed, Sep 10, 2014 at 11:52 AM, Rasanjaya Subasinghe <
>> rasaposha at gmail.com> wrote:
>>
>>>
>>> On Sep 9, 2014, at 8:09 PM, Rasanjaya Subasinghe <Rasaposha at gmail.com>
>>> wrote:
>>>
>>>
>>> Hi Kashyap,
>>> It's a CentOS 6.5 in-house cloud with a control node and 3 compute nodes, and
>>> without the LDAP keystone settings (
>>> driver=keystone.identity.backends.ldap.Identity) everything works
>>> fine. Those are:
>>> 1. Instances spawn perfectly.
>>> 2. Live migration works perfectly.
>>> Then trying to configure keystone with the LDAP driver gives that error in
>>> the neutron server.log.
>>> 3. This setup was tested without ml2, and even the ml2 test ends
>>> with the same issue.
>>> I will attach the LDAP file and neutron file.
>>> *keystone version 0.9.0
>>> <keystone.conf>
>>> <neutron.conf>
>>> <staging.ldif>
>>> Below is the neutron error shown in compute.log.
>>>
>>> <Screen Shot 2014-09-09 at 8.08.25 PM.png>
>>>
>>> cheers,
>>> thanks
>>> Begin forwarded message:
>>>
>>> *From: *Kashyap Chamarthy <kchamart at redhat.com>
>>> *Subject: **Re: [Rdo-list] icehouse ldap integration*
>>> *Date: *September 9, 2014 at 7:27:59 PM GMT+5:30
>>> *To: *Rasanjaya Subasinghe <rasaposha at gmail.com>
>>> *Cc: *rdo-list at redhat.com
>>>
>>> On Tue, Sep 09, 2014 at 06:19:56PM +0530, Rasanjaya Subasinghe wrote:
>>>
>>>
>>> Hi,
>>> I tried to configure openstack ice house with LDAP and all things
>>> go well except a neutron issue; this is the issue which appears in the
>>> server.log file of the neutron service.
>>>
>>> Can you guide me for this matter? thanks for the help.
>>>
>>>
>>> This information you've provided is not sufficient to give any
>>> meaningful response.
>>>
>>> At a minimum, if anyone has to help you diagnose your issue, you need
>>> to provide:
>>>
>>>  - Describe in more detail what you mean by "configure
>>>    openstack ice house with LDAP".
>>>  - What is the test you're trying to perform? An exact reproducer would
>>>    be very useful.
>>>  - What is the exact error message you see? Contextual logs/errors from
>>>    Keystone/Nova.
>>>  - Exact versions of Keystone, and other relevant packages.
>>>  - What OS? Fedora? CentOS? Something else?
>>>  - Probably, provide config files for /etc/keystone/keystone.conf and
>>>    relevant Neutron config files (preferably uploaded somewhere in
>>>    *plain text*).
>>>
>>>
>>> --
>>> /kashyap
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Rasanjaya Subasinghe
>>
>
>
>
> --
> Rasanjaya Subasinghe
>



-- 
Rasanjaya Subasinghe
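
The message above posts a Keystone LDAP mapping together with the directory it points at, so the two can be checked against each other before services are started. The following is an added example, not part of the original thread and not Keystone code: it parses an LDIF export and reports, for one service account, whether the account resolves under the posted mapping, is listed in the `enabled_users` emulation group, and occupies a role entry beneath its tenant (the layout used in the posted LDIF), and it flags an unencrypted `ldap://` URL and passwords stored without a hash scheme. The function names, finding codes and the shortened LDIF are constructed for illustration.

```python
import base64

# Constructed LDIF, shortened from the directory layout in the message above.
SAMPLE_LDIF = """\
dn: cn=neutron,ou=Users,dc=example,dc=org
cn: neutron
objectClass: inetOrgPerson
userPassword: secret

dn: cn=nova,ou=Users,dc=example,dc=org
cn: nova
objectClass: inetOrgPerson
userPassword: {SSHA}constructed-placeholder

dn: cn=enabled_users,ou=Users,dc=example,dc=org
objectClass: groupOfNames
member: cn=neutron,ou=Users,dc=example,dc=org

dn: cn=services,ou=Groups,dc=example,dc=org
cn: services
objectClass: groupOfNames
member: cn=neutron,ou=Users,dc=example,dc=org

dn: cn=admin,cn=services,ou=Groups,dc=example,dc=org
objectClass: organizationalRole
roleOccupant: cn=neutron,ou=Users,
 dc=example,dc=org
"""

# LDAP options as posted in the keystone.conf above (use_tls is not set there).
LDAP_CONF = {
    "url": "ldap://192.168.16.100", "user_pass_attribute": "userPassword",
    "user_tree_dn": "ou=Users,dc=example,dc=org", "tenant_tree_dn": "ou=Groups,dc=example,dc=org",
    "user_objectclass": "inetOrgPerson", "user_id_attribute": "cn",
    "user_enabled_emulation_dn": "cn=enabled_users,ou=Users,dc=example,dc=org",
    "tenant_objectclass": "groupOfNames", "tenant_id_attribute": "cn",
    "role_objectclass": "organizationalRole", "role_member_attribute": "roleOccupant",
}

def norm(dn):  # case-fold a DN and drop spaces around commas (escaped commas unsupported)
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalised dn: {lowercase attr: [values]}} from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and raw.strip() and lines:
            lines[-1] += raw[1:]            # folded line continues the previous one
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>", as ldapsearch prints
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name, value = name.strip().lower(), value.strip()
        if not name:                        # blank line ends the record
            current = None
        elif name == "dn":
            current = entries.setdefault(norm(value), {})
        elif current is not None:
            current.setdefault(name, []).append(value)
    return entries

def audit(ldif_text, conf, user_id, tenant_id):
    """Return finding codes for one account under the LDAP mapping in conf."""
    entries, findings = parse_ldif(ldif_text), []
    def has_class(attrs, kind):             # kind is "user", "tenant" or "role"
        return conf[kind + "_objectclass"].lower() in [c.lower() for c in attrs.get("objectclass", [])]
    def lists(attrs, attr, dn):             # is dn a value of this DN-valued attribute?
        return dn in {norm(v) for v in attrs.get(attr.lower(), [])}
    def find(kind, wanted):                 # look up a user or tenant by its id attribute
        suffix = "," + norm(conf[kind + "_tree_dn"])
        for dn, attrs in entries.items():
            ids = [v.lower() for v in attrs.get(conf[kind + "_id_attribute"].lower(), [])]
            if dn.endswith(suffix) and has_class(attrs, kind) and wanted.lower() in ids:
                return dn, attrs
        return None, {}
    if conf["url"].startswith("ldap://") and str(conf.get("use_tls")).lower() != "true":
        findings.append("cleartext-transport")   # binds cross the network unencrypted
    user_dn, user = find("user", user_id)
    if user_dn is None:
        return findings + ["user-not-found"]
    if any(not p.startswith("{") for p in user.get(conf["user_pass_attribute"].lower(), [])):
        findings.append("unhashed-password")     # stored without a {SSHA}-style scheme
    if not lists(entries.get(norm(conf["user_enabled_emulation_dn"]), {}), "member", user_dn):
        findings.append("not-in-enabled-group")  # "member", as in the posted enabled_users entry
    tenant_dn, tenant = find("tenant", tenant_id)
    if tenant_dn is None:
        return findings + ["tenant-not-found"]
    roles = [a for d, a in entries.items() if d.endswith("," + tenant_dn) and has_class(a, "role")]
    if not any(lists(a, conf["role_member_attribute"], user_dn) for a in roles):
        findings.append("no-role-in-tenant")
    return findings
```

With the `nova_admin_tenant_id` value from the posted neutron.conf passed as `tenant_id`, the check returns `tenant-not-found` on this sample, since tenant ids are read from `cn` under this mapping.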