How to fix conflict between non local keystone users
Issue
- It is impossible to authenticate users from keystone LDAP backend after user_id_attribute was changed in backend's configuration.
- It is impossible to authenticate user from keystone LDAP backend after some attribute of user's entry in LDAP that is used by keystone as user id was changed.
- It is impossible to authenticate users from existing LDAP backend after LDAP IP address was changed.
The following error in keystone.log is generated (the single-string message was parsed):
2018-06-19 15:32:15.396 236988 WARNING keystone.common.wsgi
[req-ebce2c77-8140-49bf-ba55-e9c60c5bebc1 - - - - -]
Conflict occurred attempting to store nonlocal_user - Duplicate Entry
Environment
- Red Hat OpenStack Platform 13
- Red Hat OpenStack Platform 12
- Red Hat OpenStack Platform 11
- Red Hat OpenStack Platform 10
- Red Hat OpenStack Platform 9
- Red Hat OpenStack Platform 8
NOTE. It may not be safe to follow this guide for future RHOSP (newer than RHOSP 13) versions. Please ask Red Hat Technical Support to validate your actions.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.