How to configure keystone with Active Directory when using root DN (dc=example,dc=com) as the user_tree_dn
Issue
When using the LDAP backend and connecting to an Active Directory with multiple Domain Controllers, trying to use the root DN (dc=example,dc=com) as the user_tree_dn (or tenant/role_tree_dn) fails with
"Authorization Failed: Unable to communicate with identity service: {"error": {"message": "An unexpected error prevented the server from fulfilling your request. {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'}", "code": 500, "title": "Internal Server Error"}}. (HTTP 500)".
Is it possible to fix this?
Environment
Red Hat OpenStack Enterprise Linux Platform 7.0
Red Hat OpenStack Platform 8.0
Red Hat OpenStack Platform 9.0
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
