How do I allow a specific LDAP user to log in OpenStack?
Issue
- Assume a keystone.conf whose [ldap] and [identity] sections look like this:

    [ldap]
    url = ldaps://server01.example.com,ldaps://server02.example.com
    user = CN=LDAPCLIENT,OU=SERVICE,OU=ADMINS,DC=EXAMPLE,DC=COM
    password = ************
    suffix = DC=EXAMPLE,DC=COM
    user_tree_dn = DC=EXAMPLE,DC=COM
    query_scope = sub
    user_objectclass = person
    user_filter = (|(memberOf=CN=OPSTACK_ADMIN,OU=GROUPS,DC=EXAMPLE,DC=COM)(memberOf=CN=OPSTACK_USER,OU=GROUPS,DC=EXAMPLE,DC=COM))
    user_id_attribute = sAMAccountName
    user_name_attribute = sAMAccountName
    user_mail_attribute = mail
    user_pass_attribute =
    user_enabled_attribute = userAccountControl
    user_enabled_mask = 2
    user_enabled_default = 512
    user_attribute_ignore = password,tenant_id,tenants
    user_allow_create = False
    user_allow_update = False
    user_allow_delete = False
    group_objectclass = group
    group_tree_dn = OU=GROUPS,DC=EXAMPLE,DC=COM
    group_filter = (CN=OPSTACK*)
    group_id_attribute = cn
    group_name_attribute = name
    group_allow_create = False
    group_allow_update = False
    group_allow_delete = False
    use_tls = False
    tls_cacertfile = /etc/ssl/certs/root-example.com.pem

    [identity]
    driver = keystone.identity.backends.ldap.Identity
In an LDAP-backed keystone deployment the user_filter normally admits only members of specific groups as OpenStack users (here, members of OPSTACK_ADMIN or OPSTACK_USER); an account that matches user_objectclass but not user_filter is invisible to keystone and cannot authenticate.
- How do I allow a specific user who is not a member of those groups to be an OpenStack user?
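The filter in the configuration above is an ordinary RFC 4515 OR filter, so a single account can be admitted by OR-ing one more clause, keyed on user_id_attribute, onto it. The following is an added example written for this page; it is not the article's resolution and not code from Keystone. It only builds the new user_filter string, and it hex-escapes the account name so that a value such as "jdoe)(memberOf=*" cannot rewrite the filter. The account name "jdoe" is an assumption used for illustration.

```python
"""Build a keystone [ldap] user_filter that admits one extra account.

Added example, not part of the Red Hat article or of Keystone: it manipulates
the RFC 4515 filter string only. Keystone's LDAP driver still applies
user_objectclass, user_enabled_mask and the service bind credentials on top.
"""

# user_filter as it appears in the article's keystone.conf.
ORIGINAL_USER_FILTER = (
    "(|(memberOf=CN=OPSTACK_ADMIN,OU=GROUPS,DC=EXAMPLE,DC=COM)"
    "(memberOf=CN=OPSTACK_USER,OU=GROUPS,DC=EXAMPLE,DC=COM))"
)

# RFC 4515 section 3: these characters must be hex-escaped inside a value,
# otherwise the value could inject additional filter terms.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a raw attribute value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_top_level(filter_str):
    """Split "(a)(b)(c)" into ["(a)", "(b)", "(c)"].

    Raises ValueError on unbalanced input. Parentheses inside values are
    hex-escaped per RFC 4515, so counting raw parentheses is sufficient.
    """
    parts, depth, start = [], 0, None
    for i, ch in enumerate(filter_str):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in filter")
            if depth == 0:
                parts.append(filter_str[start:i + 1])
        elif depth == 0 and not ch.isspace():
            raise ValueError("text outside parentheses: %r" % ch)
    if depth != 0:
        raise ValueError("unbalanced '(' in filter")
    return parts


def or_components(filter_str):
    """Return the operands of a top-level OR filter, or [filter_str] if it is not one."""
    (whole,) = split_top_level(filter_str)  # exactly one top-level filter expected
    if whole.startswith("(|"):
        return split_top_level(whole[2:-1])
    return [whole]


def allow_user(user_filter, id_attribute, username):
    """Return user_filter extended so that `username` also matches.

    The new clause is OR-ed with the existing group-membership clauses, so
    current users keep working and only the named account is added.
    Calling this twice with the same account is a no-op.
    """
    clause = "(%s=%s)" % (id_attribute, escape_filter_value(username))
    components = or_components(user_filter)
    if clause in components:
        return user_filter
    return "(|" + "".join(components + [clause]) + ")"


if __name__ == "__main__":
    # "jdoe" is an assumed account name; the output is the new keystone.conf line.
    print("user_filter = " + allow_user(ORIGINAL_USER_FILTER, "sAMAccountName", "jdoe"))
```

Paste the printed line over the existing user_filter, restart the keystone service, and verify with the service account that ldapsearch returns exactly the expected entries for the new filter. Note that the account must still match user_objectclass = person and must not have the disabled bit (user_enabled_mask = 2) set in userAccountControl, and, because the LDAP driver only supplies identity, the user still needs a role assigned on a project before it can obtain a scoped token. The group_filter (CN=OPSTACK*) affects which groups keystone lists, not which users may authenticate.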
Environment
- Red Hat OpenStack Platform 7
- LDAP-based keystone back-end