cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
serkan
Cadet
Cadet
‎10-07-2019 08:40 PM
  • 4,304 Views

OpenStack unable to create group

Jump to solution

Hello,

I am able to create group for lab domain with admin user but not able to create group for example

domain.

I can't see any difference between.

anybody has an idea?2019-10-07_22-31-09.png

Best Regards,

Serkan

 

 

Labels (1)
Labels
0 Kudos
Join the discussion
1 Solution

Accepted Solutions
harpreetsingh
Flight Engineer Flight Engineer
Flight Engineer
‎10-08-2019 06:34 AM
  • 4,295 Views

Jump to solution

Hi Serkan,
The domain you created "lab" is a local domain which is using local DB to keep identity information but according to classroom environment "Example" domain is configured to use RedHat IdM (LDAP) as back end and as a openstack user you don't have any priviledges to create users and groups under LDAP server so thats why you are getting this error.

If you want to create group or users then you should login to "IdM (LDAP)" and then create from there.


Thanks

View solution in original post

4 Replies
harpreetsingh
Flight Engineer Flight Engineer
Flight Engineer
‎10-08-2019 06:34 AM
  • 4,296 Views

Jump to solution

Hi Serkan,
The domain you created "lab" is a local domain which is using local DB to keep identity information but according to classroom environment "Example" domain is configured to use RedHat IdM (LDAP) as back end and as a openstack user you don't have any priviledges to create users and groups under LDAP server so thats why you are getting this error.

If you want to create group or users then you should login to "IdM (LDAP)" and then create from there.


Thanks

serkan
Cadet
Cadet
‎10-08-2019 04:00 PM
  • 4,279 Views

Jump to solution

Hi harpreetsingh,

I have one more question.

As an admin under default domain,  how I am able to create admin groups and users for another

domains? does default admin user capable of editing anything in different domains without

having admin role for that particular domain?

Best Regards,

Serkan

0 Kudos
harpreetsingh
Flight Engineer Flight Engineer
Flight Engineer
‎10-08-2019 04:39 PM
  • 4,273 Views

Jump to solution

Hi

Answer to the same question, If you are Admin of Default Domain then yes you can create users and groups in other domains as well but only if those Domains are local, which means Database is the backend for that Domain instead of a Central authentication server like LDAP, IdM etc.

Regards

0 Kudos
serkan
Cadet
Cadet
‎10-08-2019 09:58 PM
  • 4,263 Views

Jump to solution

Thanks for clearing that up for me.

I will have one last question for this topic which is still not clear to me.

if i want to use Database as the backend, is it the only configuration that I am supposed to

enable?

OPENSTACK_API_VERSIONS = {

  "identity": 3

}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'

 

or should i also enable the below keystone config as well?

 

domain_specific_drivers_enabled = true

domain_config_dir = /etc/keystone/domains

driver = sql

 

Thanks and Regards,

Serkan

0 Kudos
Join the discussion
You must log in to join this conversation.
li.common.scroll-to.top
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2025 Red Hat, Inc. Privacy policy Terms of use