How to fix conflict between non local keystone users

Solution Verified - Updated -


  • It is impossible to authenticate users from keystone LDAP backend after user_id_attribute was changed in backend's configuration.
  • It is impossible to authenticate user from keystone LDAP backend after some attribute of user's entry in LDAP that is used by keystone as user id was changed.
  • It is impossible to authenticate users from existing LDAP backend after LDAP IP address was changed.

The following error in keystone.log is generated (the single-string message was parsed):

2018-06-19 15:32:15.396 236988 WARNING keystone.common.wsgi
    [req-ebce2c77-8140-49bf-ba55-e9c60c5bebc1 - - - - -]
        Conflict occurred attempting to store nonlocal_user - Duplicate Entry


  • Red Hat OpenStack Platform 13
  • Red Hat OpenStack Platform 12
  • Red Hat OpenStack Platform 11
  • Red Hat OpenStack Platform 10
  • Red Hat OpenStack Platform 9
  • Red Hat OpenStack Platform 8

NOTE. It may not be safe to follow this guide for future RHOSP (newer than RHOSP 13) versions. Please ask Red Hat Technical Support to validate your actions.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In