Comment 16 for bug 1231488

Xiang Hui (xianghui) wrote :

Hi beraido-7,

I can get the correct result with the configuration and commands below:
/etc/keystone/keystone.conf
user_id_attribute = cn
user_name_attribute = sn
user_objectclass = inetOrgPerson
xianghui@xianghui:~/workplace/devstack$ keystone user-list
+----------------------------------+-------+---------+-------+
|                id                |  name | enabled | email |
+----------------------------------+-------+---------+-------+
| e6e59b06feb74071b4a1aa51588d7949 | admin |         |       |
+----------------------------------+-------+---------+-------+
xianghui@xianghui:~/workplace/devstack$ keystone user-get admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| id       | e6e59b06feb74071b4a1aa51588d7949 |
| name     | admin                            |
+----------+----------------------------------+

But if I change the configuration to match yours, I get the error:
user_id_attribute = uidNumber
user_name_attribute = uid
xianghui@xianghui:~/workplace/devstack$ keystone user-list
+----------------------------------+------+---------+-------+
|                id                | name | enabled | email |
+----------------------------------+------+---------+-------+
| e6e59b06feb74071b4a1aa51588d7949 |      |         |       |
+----------------------------------+------+---------+-------+
xianghui@xianghui:~/workplace/devstack$ keystone user-get admin
No user with a name or ID of 'admin' exists.

It is not reasonable to set user_name_attribute = uid, since, as the user-list shows, the name can't be retrieved from LDAP.

My LDAP data:
xianghui@xianghui:~/workplace/devstack$ ldapsearch -x -b "ou=Users,dc=openstack,dc=org" '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=openstack,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Users, openstack.org
dn: ou=Users,dc=openstack,dc=org
objectClass: organizationalUnit
ou: Users

# e6e59b06feb74071b4a1aa51588d7949, Users, openstack.org
dn: cn=e6e59b06feb74071b4a1aa51588d7949,ou=Users,dc=openstack,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: admin
cn: e6e59b06feb74071b4a1aa51588d7949

...

The user admin is stored in the sn attribute.
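
A check for the mismatch described in this comment, as an added example that is not part of the original comment and is not Keystone code: it parses LDIF like the ldapsearch output above and reports which configured options (user_id_attribute, user_name_attribute) name an attribute that entries of the configured user_objectclass do not carry. The function names and the simplified LDIF parsing (no folded lines, no base64 values) are assumptions.

```python
# Added example (not Keystone code); the LDIF below is copied from the comment above.
SAMPLE_LDIF = """\
# Users, openstack.org
dn: ou=Users,dc=openstack,dc=org
objectClass: organizationalUnit
ou: Users

# e6e59b06feb74071b4a1aa51588d7949, Users, openstack.org
dn: cn=e6e59b06feb74071b4a1aa51588d7949,ou=Users,dc=openstack,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: admin
cn: e6e59b06feb74071b4a1aa51588d7949
"""


def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]} (simplified parser)."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():          # blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):  # skip LDIF comment lines
            name, _, value = line.partition(":")
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def missing_mapped_attributes(ldif_text, mapping, objectclass):
    """Map each matching entry's DN to the options whose attribute it lacks."""
    problems = {}
    for entry in parse_ldif(ldif_text):
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if objectclass.lower() not in classes:
            continue  # not a user entry under this user_objectclass
        absent = [opt for opt, attr in mapping.items() if attr.lower() not in entry]
        if absent:
            problems[entry["dn"][0]] = absent
    return problems


if __name__ == "__main__":
    working = {"user_id_attribute": "cn", "user_name_attribute": "sn"}
    failing = {"user_id_attribute": "uidNumber", "user_name_attribute": "uid"}
    for mapping in (working, failing):
        print(missing_mapped_attributes(SAMPLE_LDIF, mapping, "inetOrgPerson"))
```

An empty result means every mapped attribute exists on the user entries; a non-empty one lists, per DN, the options to correct in keystone.conf.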