How to configure keystone with Active Directory when using root DN (dc=example,dc=com) as the user_tree_dn
Issue
When using the LDAP backend and connecting to an Active Directory with multiple Domain Controllers, trying to use the root DN (dc=example,dc=com) as the user_tree_dn (or tenant/role_tree_dn) fails with:
"Authorization Failed: Unable to communicate with identity service: {"error": {"message": "An unexpected error prevented the server from fulfilling your request. {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'}", "code": 500, "title": "Internal Server Error"}}. (HTTP 500)".
Is it possible to fix this?
Environment
Red Hat OpenStack Enterprise Linux Platform 7.0
Red Hat OpenStack Platform 8.0
Red Hat OpenStack Platform 9.0