How do I allow a specific LDAP user to log in to OpenStack?

Solution Verified - Updated -

Issue

  • Consider the following keystone.conf:

    [ldap]
    url                      = ldaps://server01.example.com,ldaps://server02.example.com
    user                     = CN=LDAPCLIENT,OU=SERVICE,OU=ADMINS,DC=EXAMPLE,DC=COM
    password                 = ************
    suffix                   = DC=EXAMPLE,DC=COM
    user_tree_dn             = DC=EXAMPLE,DC=COM
    query_scope              = sub
    user_objectclass         = person
    user_filter              = (|(memberOf=CN=OPSTACK_ADMIN,OU=GROUPS,DC=EXAMPLE,DC=COM)(memberOf=CN=OPSTACK_USER,OU=GROUPS,DC=EXAMPLE,DC=COM))
    user_id_attribute        = sAMAccountName
    user_name_attribute      = sAMAccountName
    user_mail_attribute      = mail
    user_pass_attribute      =
    user_enabled_attribute   = userAccountControl
    user_enabled_mask        = 2
    user_enabled_default     = 512
    user_attribute_ignore    = password,tenant_id,tenants
    user_allow_create        = False
    user_allow_update        = False
    user_allow_delete        = False
    
    group_objectclass        = group
    group_tree_dn            = OU=GROUPS,DC=EXAMPLE,DC=COM
    group_filter             = (CN=OPSTACK*)
    group_id_attribute       = cn
    group_name_attribute     = name
    group_allow_create       = False
    group_allow_update       = False
    group_allow_delete       = False
    
    
    use_tls                  = False
    tls_cacertfile           = /etc/ssl/certs/root-example.com.pem
    
    [identity]
    driver                   = keystone.identity.backends.ldap.Identity
    

In LDAP-backed keystone deployments, the configuration and filters usually specify which group members are allowed to be OpenStack users.

  • How do I allow a specific user that is not part of the specified groups to be an OpenStack user?
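To make the effect of `user_filter`, `user_objectclass` and `user_enabled_mask` concrete, here is an added example (not part of the original article, and not keystone's own code) that evaluates the filter above against constructed directory entries. It is a simplified model; the account names and the extra `sAMAccountName` clause for the hypothetical account `svc-backup` are assumptions showing how an OR clause widens the filter, not the article's resolution.

```python
import re

def parse(f, i=0):
    """Parse an RFC 4515 subset: (&..), (|..), (!..) and (attr=value) with '*'."""
    assert f[i] == "(", "filter component must start with '('"
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        assert f[i] == ")", "unbalanced filter"
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (lower-case keys, list values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    pattern = ".*".join(re.escape(part) for part in node[2].split("*"))
    return any(re.fullmatch(pattern, str(v).lower()) for v in entry.get(node[1], []))

def can_log_in(user_filter, entry, objectclass="person", enabled_mask=2):
    """Simplified model: filter AND objectclass must match, mask bit must be clear."""
    tree, _ = parse(f"(&{user_filter}(objectClass={objectclass}))")
    disabled = int(entry["useraccountcontrol"][0]) & enabled_mask
    return matches(tree, entry) and not disabled

ADMINS = "CN=OPSTACK_ADMIN,OU=GROUPS,DC=EXAMPLE,DC=COM"
USERS = "CN=OPSTACK_USER,OU=GROUPS,DC=EXAMPLE,DC=COM"
PAGE_FILTER = f"(|(memberOf={ADMINS})(memberOf={USERS}))"
# Assumption: one exact-match clause for a hypothetical account "svc-backup".
EXTENDED_FILTER = f"(|(memberOf={ADMINS})(memberOf={USERS})(sAMAccountName=svc-backup))"

def person(name, groups, uac=512):
    """Constructed directory entry; uac 512 = normal account, 514 = disabled."""
    return {"objectclass": ["person"], "samaccountname": [name],
            "memberof": groups, "useraccountcontrol": [uac]}

if __name__ == "__main__":
    for who in (person("alice", [ADMINS]), person("bob", [USERS], 514), person("svc-backup", [])):
        print(who["samaccountname"][0], can_log_in(PAGE_FILTER, who), can_log_in(EXTENDED_FILTER, who))
```

Any clause added under the `|` admits every entry it matches regardless of group membership, so a wildcard value there would widen access to all matching accounts; keep such a clause to an exact value.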

Environment

  • Red Hat OpenStack Platform 7
  • LDAP-based keystone back-end
