Not able to access user from an AD trusted forest
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Keystone LDAP integration | Expired | Undecided | Unassigned |
Bug Description
Hello,
I'm trying to add a new keystone domain that will be integrated with an AD but will access users in a trusted forest, not the principal one. I've created the current configuration for the charm:
keystone-
ldap-server: "ldap:/
ldap-user: "CN=xx,
ldap-password: "Pass"
ldap-suffix: "DC=intsvc-
ldap-readonly: true
domain-name: "tenant"
ldap-
}"
But I'm not able to list the users and got this error:
2021-10-20 16:07:42.569089 File "/usr/lib/
2021-10-20 16:07:42.569095 return func(self, conn, *args, **kwargs)
2021-10-20 16:07:42.569106 File "/usr/lib/
2021-10-20 16:07:42.569112 return conn.search_s(base, scope, filterstr, attrlist,
2021-10-20 16:07:42.569123 File "/usr/lib/
2021-10-20 16:07:42.569130 return self.search_
2021-10-20 16:07:42.569141 File "/usr/lib/
2021-10-20 16:07:42.569147 return self._apply_
2021-10-20 16:07:42.569158 File "/usr/lib/
2021-10-20 16:07:42.569164 return func(self,
2021-10-20 16:07:42.569175 File "/usr/lib/
2021-10-20 16:07:42.569182 return self.result(
2021-10-20 16:07:42.569193 File "/usr/lib/
2021-10-20 16:07:42.569199 resp_type, resp_data, resp_msgid = self.result2(
2021-10-20 16:07:42.569210 File "/usr/lib/
2021-10-20 16:07:42.569217 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(
2021-10-20 16:07:42.569228 File "/usr/lib/
2021-10-20 16:07:42.569234 resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
2021-10-20 16:07:42.569245 File "/usr/lib/
2021-10-20 16:07:42.569251 ldap_result = self._ldap_
2021-10-20 16:07:42.569263 File "/usr/lib/
2021-10-20 16:07:42.569269 reraise(exc_type, exc_value, exc_traceback)
2021-10-20 16:07:42.569280 File "/usr/lib/
2021-10-20 16:07:42.569286 raise exc_value
2021-10-20 16:07:42.569297 File "/usr/lib/
2021-10-20 16:07:42.569303 result = func(*args,
2021-10-20 16:07:42.569331 ldap.REFERRAL: {'desc': 'Referral', 'errno': 11, 'info': 'Referral:
You might want to check which ports you are using. In Active Directory, you may prefer the global catalog ports. See bug https://bugs.launchpad.net/charm-keystone-ldap/+bug/1910293
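
The port check suggested in the comment above, as an added example that is not part of the bug report or the charm's code: it classifies the configured server URL as a domain controller port (389/636) or a global catalog port (3268/3269) and lists the hosts named in a referral. The host names, DNs and the `Referral:` plus URL layout of the `info` text are constructed assumptions, since the log line on this page is truncated.

```python
from urllib.parse import urlsplit, unquote

# Well-known Active Directory listener ports.
DC_PORTS = {389, 636}      # LDAP / LDAPS on a domain controller
GC_PORTS = {3268, 3269}    # global catalog / global catalog over TLS
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# Constructed sample values (assumptions, not taken from the bug report).
SAMPLE_SERVER = "ldap://dc1.corp.example"
SAMPLE_SUFFIX = "DC=tenant,DC=example"
SAMPLE_INFO = "Referral:\nldap://tenant.example/DC=tenant,DC=example"


def classify_server(url):
    """Return (host, port, kind) for an ldap:// or ldaps:// URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        raise ValueError("not an LDAP URL: %r" % url)
    port = parts.port or DEFAULT_PORT[parts.scheme]
    kind = "gc" if port in GC_PORTS else "dc" if port in DC_PORTS else "other"
    return parts.hostname, port, kind


def parse_referral(info):
    """Extract (host, base_dn) pairs from the 'info' text of ldap.REFERRAL."""
    targets = []
    for line in info.splitlines():
        line = line.strip()
        if line.lower().startswith(("ldap://", "ldaps://")):
            parts = urlsplit(line)
            targets.append((parts.hostname, unquote(parts.path.lstrip("/"))))
    return targets


def diagnose(server_url, suffix, referral_info):
    """List findings that explain why a search came back as a referral."""
    host, port, kind = classify_server(server_url)
    findings = []
    if kind == "dc":
        findings.append("port %d is a domain controller port, not a global catalog port" % port)
    for ref_host, ref_dn in parse_referral(referral_info):
        if ref_host != host:
            findings.append("search under %s was referred to %s (%s)" % (suffix, ref_host, ref_dn))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_SERVER, SAMPLE_SUFFIX, SAMPLE_INFO):
        print(finding)
```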