How to fix conflict between non local keystone users

Solution Verified - Updated -

Issue

  • It is impossible to authenticate users from keystone LDAP backend after user_id_attribute was changed in backend's configuration.
  • It is impossible to authenticate user from keystone LDAP backend after some attribute of user's entry in LDAP that is used by keystone as user id was changed.
  • It is impossible to authenticate users from existing LDAP backend after LDAP IP address was changed.

The following error in keystone.log is generated (the single-string message was parsed):

2018-06-19 15:32:15.396 236988 WARNING keystone.common.wsgi
    [req-ebce2c77-8140-49bf-ba55-e9c60c5bebc1 - - - - -]
        Conflict occurred attempting to store nonlocal_user - Duplicate Entry

Environment

  • Red Hat OpenStack Platform 13
  • Red Hat OpenStack Platform 12
  • Red Hat OpenStack Platform 11
  • Red Hat OpenStack Platform 10
  • Red Hat OpenStack Platform 9
  • Red Hat OpenStack Platform 8

NOTE. It may not be safe to follow this guide for future RHOSP (newer than RHOSP 13) versions. Please ask Red Hat Technical Support to validate your actions.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content