cancel
Showing results for 
Search instead for 
Did you mean: 
serkan
Cadet
Cadet
  • 3,964 Views

OpenStack unable to create group

Jump to solution

Hello,

I am able to create group for lab domain with admin user but not able to create group for example

domain.

I can't see any difference between.

anybody has an idea?2019-10-07_22-31-09.png

Best Regards,

Serkan

 

 

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
harpreetsingh
Flight Engineer Flight Engineer
Flight Engineer
  • 3,955 Views

Hi Serkan,
The domain you created "lab" is a local domain which is using local DB to keep identity information but according to classroom environment "Example" domain is configured to use RedHat IdM (LDAP) as back end and as a openstack user you don't have any priviledges to create users and groups under LDAP server so thats why you are getting this error.

If you want to create group or users then you should login to "IdM (LDAP)" and then create from there.


Thanks

View solution in original post

4 Replies
harpreetsingh
Flight Engineer Flight Engineer
Flight Engineer
  • 3,956 Views

Hi Serkan,
The domain you created "lab" is a local domain which is using local DB to keep identity information but according to classroom environment "Example" domain is configured to use RedHat IdM (LDAP) as back end and as a openstack user you don't have any priviledges to create users and groups under LDAP server so thats why you are getting this error.

If you want to create group or users then you should login to "IdM (LDAP)" and then create from there.


Thanks

serkan
Cadet
Cadet
  • 3,939 Views

Hi harpreetsingh,

I have one more question.

As an admin under default domain,  how I am able to create admin groups and users for another

domains? does default admin user capable of editing anything in different domains without

having admin role for that particular domain?

Best Regards,

Serkan

0 Kudos
harpreetsingh
Flight Engineer Flight Engineer
Flight Engineer
  • 3,933 Views

Hi

Answer to the same question, If you are Admin of Default Domain then yes you can create users and groups in other domains as well but only if those Domains are local, which means Database is the backend for that Domain instead of a Central authentication server like LDAP, IdM etc.

Regards

0 Kudos
serkan
Cadet
Cadet
  • 3,923 Views

Thanks for clearing that up for me.

I will have one last question for this topic which is still not clear to me.

if i want to use Database as the backend, is it the only configuration that I am supposed to

enable?

OPENSTACK_API_VERSIONS = {

  "identity": 3

}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'

 

or should i also enable the below keystone config as well?

 

domain_specific_drivers_enabled = true

domain_config_dir = /etc/keystone/domains

driver = sql

 

Thanks and Regards,

Serkan

0 Kudos
Join the discussion
You must log in to join this conversation.