user is not in tenant via Microsoft Active Directory when using keystone user-get
Hi all,
I'd like to integrate keystone and Microsoft Active Directory.
And I have followed the sample to create our own Active Directory for testing, as below.
https:/
Here is keystone.conf:
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = admin
log_file = keystone.log
log_dir = /var/log/keystone
log_config = /etc/keystone/
[sql]
connection = mysql:/
[identity]
driver = keystone.
[catalog]
driver = keystone.
[token]
driver = keystone.
[policy]
driver = keystone.
[ec2]
driver = keystone.
[ssl]
[signing]
[ldap]
url = ldap://
user = cn=administrato
password = password
suffix = cn=npt,cn=sd1
use_dumb_member = True
user_tree_dn = cn=Users,
user_objectclass = top
user_id_attribute = cn
user_name_attribute = cn
dumb_member = cn=administrato
user_enabled_
user_enabled_mask = 2
user_enabled_
user_attribute_
user_allow_create = True
user_allow_update = False
user_allow_delete = False
tenant_tree_dn = ou=Tenants,
tenant_objectclass = top
tenant_id_attribute = cn
tenant_
tenant_
tenant_
tenant_
tenant_
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True
role_tree_dn = ou=Roles,
role_objectclass = organizationalRole
role_objectclass = top
role_id_attribute = cn
role_member_
role_member_
role_attribute_
role_allow_create = True
role_allow_update = True
role_allow_delete = True
[filter:debug]
paste.filter_
[filter:token_auth]
paste.filter_
[filter:
paste.filter_
[filter:xml_body]
paste.filter_
[filter:json_body]
paste.filter_
[filter:
paste.filter_
[filter:
paste.filter_
[filter:
paste.filter_
[filter:
paste.filter_
[filter:
paste.filter_
[filter:
paste.filter_
[filter:
paste.filter_
[app:public_
paste.app_factory = keystone.
[app:admin_service]
paste.app_factory = keystone.
[pipeline:
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
[pipeline:
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
[app:public_
paste.app_factory = keystone.
[app:admin_
paste.app_factory = keystone.
[pipeline:
pipeline = stats_monitoring url_normalize xml_body public_
[pipeline:
pipeline = stats_monitoring url_normalize xml_body admin_version_
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api
[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api
Here are the results of the keystone commands user-list, tenant-list, role-list and user-get:
keystone --token=admin --endpoint=http://
+------
| id | name | enabled | email |
+------
| Administrator | Administrator | | |
| Allowed RODC Password Replication Group | Allowed RODC Password Replication Group | | |
| Cert Publishers | Cert Publishers | | |
| Denied RODC Password Replication Group | Denied RODC Password Replication Group | | |
| DnsAdmins | DnsAdmins | | |
| DnsUpdateProxy | DnsUpdateProxy | | |
| Domain Admins | Domain Admins | | |
| Domain Computers | Domain Computers | | |
| Domain Controllers | Domain Controllers | | |
| Domain Guests | Domain Guests | | |
| Domain Users | Domain Users | | |
| Enterprise Admins | Enterprise Admins | | |
| Enterprise Read-only Domain Controllers | Enterprise Read-only Domain Controllers | | |
| Group Policy Creator Owners | Group Policy Creator Owners | | |
| Guest | Guest | | |
| RAS and IAS Servers | RAS and IAS Servers | | |
| Read-only Domain Controllers | Read-only Domain Controllers | | |
| Schema Admins | Schema Admins | | |
| aj_cheng. | aj_cheng. | | |
| bill_chen | bill_chen | | |
| danny kuo | danny kuo | | |
| frank_wu | frank_wu | | |
| glance | glance | | |
| james_wang | james_wang | | |
| keystone | keystone | | |
| krbtgt | krbtgt | | |
| nova | nova | | |
+------
keystone --token=admin --endpoint=http://
+------
| id | name |
+------
| AdminRole | AdminRole |
| MemberRole | MemberRole |
| admin | admin |
+------
keystone --token=admin --endpoint=http://
+------
| id | name | enabled |
+------
| DemoTenant | | True |
+------
keystone --token=admin --endpoint=http://
+------
| Property | Value |
+------
| id | frank_wu |
| name | frank_wu |
+------
In Active Directory, user "frank_wu" is a member of MemberRole, and MemberRole is also a member of DemoTenant.
Now I can use the keystone command to get user-list, tenant-list and role-list correctly.
When using the keystone command user-get "frank_wu", it should show the tenant id "DemoTenant" in the user detail.
However, it showed the user detail without any tenant id.
Does anybody have a suggestion about this?
Thank you very much.
Question information
- Language:
- English
- Status:
- Solved
- Assignee:
- No assignee
- Solved by:
- Jose Castro Leon
- Solved:
- Last query:
- Last reply: