I get this error, openstack clients also seem to fail to list users and groups.
Issue seems to be in this method line 715 is the exception being thrown.
683 def _get_domain_id_for_list_request(self, context):
684 """Get the domain_id for a v3 list call.
685
686 If we running with multiple domain drivers, then the caller must
687 specify a domain_id either as a filter or as part of the token scope.
688
689 """
690 if not CONF.identity.domain_specific_drivers_enabled:
691 # We don't need to specify a domain ID in this case
692 return
693
694 if context['query_string'].get('domain_id') is not None:
695 return context['query_string'].get('domain_id')
696
697 try:
698 token_ref = token_model.KeystoneToken(
699 token_id=context['token_id'],
700 token_data=self.token_provider_api.validate_token(
701 context['token_id']))
702 except KeyError:
703 raise exception.ValidationError(
704 _('domain_id is required as part of entity'))
705 except (exception.TokenNotFound,
706 exception.UnsupportedTokenVersionException):
707 LOG.warning(_LW('Invalid token found while getting domain ID '
708 'for list request'))
709 raise exception.Unauthorized()
710
711 if token_ref.domain_scoped:
712 return token_ref.domain_id
713 else:
714 LOG.warning(
715 _LW('No domain information specified as part of list request'))
716 raise exception.Unauthorized()
Keystone logs are as follows.
2015-10-06 07:32:24.141 11175 DEBUG keystone.policy.backends.rules [-] enforce identity:list_users: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'a3cde1ee62b7882310e28a16efc19fae1fb81383628117c100f0fb80e7442177', 'roles': [u'admin', u'_member_'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=wAXcFhRURgmBoLZPhNZBaQ, audit_chain_id=wAXcFhRURgmBoLZPhNZBaQ) at 0x7fa5a9d894f0>, 'project_id': u'4bf2a3a0b84745259bb4c8d4829cf742', 'trust_id': None} enforce /opt/bbc/openstack-11.0-bbc73/keystone/local/lib/python2.7/site-packages/keystone/policy/backends/rules.py:76
2015-10-06 07:32:24.142 11175 DEBUG keystone.common.controller [-] RBAC: Authorization granted wrapper /opt/bbc/openstack-11.0-bbc73/keystone/local/lib/python2.7/site-packages/keystone/common/controller.py:203
2015-10-06 07:32:24.151 11175 WARNING keystone.common.controller [-] No domain information specified as part of list request
2015-10-06 07:32:24.152 11175 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 192.168.0.96
Configuration
1) Enable domain specific drivers in keystone
2) keep default domain in ldap, keep all other domains in sql db.
3) Try listing users or groups using v3 api.
I get this error, openstack clients also seem to fail to list users and groups.
Issue seems to be in this method line 715 is the exception being thrown.
683 def _get_domain_ id_for_ list_request( self, context): domain_ specific_ drivers_ enabled: 'query_ string' ].get(' domain_ id') is not None: 'query_ string' ].get(' domain_ id') KeystoneToken( context[ 'token_ id'], self.token_ provider_ api.validate_ token( 'token_ id'])) ValidationError ( TokenNotFound, UnsupportedToke nVersionExcepti on): _LW('Invalid token found while getting domain ID ' Unauthorized( ) domain_ scoped: Unauthorized( )
684 """Get the domain_id for a v3 list call.
685
686 If we running with multiple domain drivers, then the caller must
687 specify a domain_id either as a filter or as part of the token scope.
688
689 """
690 if not CONF.identity.
691 # We don't need to specify a domain ID in this case
692 return
693
694 if context[
695 return context[
696
697 try:
698 token_ref = token_model.
699 token_id=
700 token_data=
701 context[
702 except KeyError:
703 raise exception.
704 _('domain_id is required as part of entity'))
705 except (exception.
706 exception.
707 LOG.warning(
708 'for list request'))
709 raise exception.
710
711 if token_ref.
712 return token_ref.domain_id
713 else:
714 LOG.warning(
715 _LW('No domain information specified as part of list request'))
716 raise exception.
Keystone logs are as follows. policy. backends. rules [-] enforce identity: list_users: {'is_delegated_ auth': False, 'access_token_id': None, 'user_id': u'a3cde1ee62b78 82310e28a16efc1 9fae1fb81383628 117c100f0fb80e7 442177' , 'roles': [u'admin', u'_member_'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_ id=wAXcFhRURgmB oLZPhNZBaQ, audit_chain_ id=wAXcFhRURgmB oLZPhNZBaQ) at 0x7fa5a9d894f0>, 'project_id': u'4bf2a3a0b8474 5259bb4c8d4829c f742', 'trust_id': None} enforce /opt/bbc/ openstack- 11.0-bbc73/ keystone/ local/lib/ python2. 7/site- packages/ keystone/ policy/ backends/ rules.py: 76 common. controller [-] RBAC: Authorization granted wrapper /opt/bbc/ openstack- 11.0-bbc73/ keystone/ local/lib/ python2. 7/site- packages/ keystone/ common/ controller. py:203 common. controller [-] No domain information specified as part of list request common. wsgi [-] Authorization failed. The request you have made requires authentication. (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 192.168.0.96
2015-10-06 07:32:24.141 11175 DEBUG keystone.
2015-10-06 07:32:24.142 11175 DEBUG keystone.
2015-10-06 07:32:24.151 11175 WARNING keystone.
2015-10-06 07:32:24.152 11175 WARNING keystone.
Configuration
1) Enable domain specific drivers in keystone
2) keep default domain in ldap, keep all other domains in sql db.
3) Try listing users or groups using v3 api.