Hi beraido-7,
I can get the correct result with the configuration and commands below:
/etc/keystone/keystone.conf
user_id_attribute = cn
user_name_attribute = sn
user_objectclass = inetOrgPerson
xianghui@xianghui:~/workplace/devstack$ keystone user-list
+----------------------------------+-------+---------+-------+
| id                               | name  | enabled | email |
+----------------------------------+-------+---------+-------+
| e6e59b06feb74071b4a1aa51588d7949 | admin |         |       |
+----------------------------------+-------+---------+-------+
xianghui@xianghui:~/workplace/devstack$ keystone user-get admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | e6e59b06feb74071b4a1aa51588d7949 |
| name     | admin                            |
+----------+----------------------------------+
But if I change the configuration to yours, I get the error:
user_id_attribute = uidNumber
user_name_attribute = uid
xianghui@xianghui:~/workplace/devstack$ keystone user-list
+----------------------------------+------+---------+-------+
| id                               | name | enabled | email |
+----------------------------------+------+---------+-------+
| e6e59b06feb74071b4a1aa51588d7949 |      |         |       |
+----------------------------------+------+---------+-------+
xianghui@xianghui:~/workplace/devstack$ keystone user-get admin
No user with a name or ID of 'admin' exists.
It is not reasonable to set user_name_attribute = uid, since from the user-list, name can't be retrieved from ldap.
My ldap data:
xianghui@xianghui:~/workplace/devstack$ ldapsearch -x -b "ou=Users,dc=openstack,dc=org" '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=openstack,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# Users, openstack.org
dn: ou=Users,dc=openstack,dc=org
objectClass: organizationalUnit
ou: Users
# e6e59b06feb74071b4a1aa51588d7949, Users, openstack.org
dn: cn=e6e59b06feb74071b4a1aa51588d7949,ou=Users,dc=openstack,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: admin
cn: e6e59b06feb74071b4a1aa51588d7949
...
The user admin is stored in the sn attribute.
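The following is an added example, not part of the original reply and not Keystone code: it checks whether each LDAP entry of the configured user_objectclass actually carries the attributes named in user_id_attribute and user_name_attribute, which is the mismatch described above. The function names parse_ldif and check_mapping are hypothetical, the LDIF sample is constructed from the ldapsearch output in the post, and the parser assumes plain "attr: value" lines (no base64 values or folded lines).

```python
"""Check a Keystone LDAP attribute mapping against LDIF entries (added example)."""

# Constructed sample, modelled on the ldapsearch output shown in the post.
SAMPLE_LDIF = """\
dn: ou=Users,dc=openstack,dc=org
objectClass: organizationalUnit
ou: Users

dn: cn=e6e59b06feb74071b4a1aa51588d7949,ou=Users,dc=openstack,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: admin
cn: e6e59b06feb74071b4a1aa51588d7949
"""


def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue  # skip blank lines and LDIF comments
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries


def check_mapping(entries, objectclass, id_attr, name_attr):
    """Return {dn: [missing attributes]} for entries of the user objectclass."""
    problems = {}
    for entry in entries:
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if objectclass.lower() not in classes:
            continue  # not a user entry under this configuration
        missing = [a for a in (id_attr, name_attr) if a.lower() not in entry]
        if missing:
            problems[entry["dn"][0]] = missing
    return problems


if __name__ == "__main__":
    users = parse_ldif(SAMPLE_LDIF)
    print(check_mapping(users, "inetOrgPerson", "cn", "sn"))  # {}
    print(check_mapping(users, "inetOrgPerson", "uidNumber", "uid"))
```

An empty result means every user entry has both mapped attributes; a non-empty result lists the entries for which the id or name cannot be read from the directory.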