Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1403043

Summary: LDAP Domain not available on OpenStack9 Horizon Dashboard
Product: Red Hat OpenStack Reporter: Faiaz Ahmed <fahmed>
Component: python-django-horizonAssignee: Radomir Dopieralski <rdopiera>
Status: CLOSED ERRATA QA Contact: Ido Ovadia <iovadia>
Severity: high Docs Contact:
Priority: unspecified    
Version: 9.0 (Mitaka)CC: aludwar, aortega, athomas, beth.white, fahmed, jbiao, mrunge, rdopiera, srevivo
Target Milestone: ---Keywords: ZStream
Target Release: 9.0 (Mitaka)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-django-horizon-9.0.1-7.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-08 17:46:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1408777    

Description Faiaz Ahmed 2016-12-09 00:36:17 UTC 
Description of problem:
LDAP Domain not available anymore which is available with OSP7 and OSP8

For example, login to horizon as user “admin”, and then click “Identity” ---> “Domain”, only  “Default” can be be found now.

Version-Release number of selected component (if applicable):

- OpenStack 9
- python-django-horizon-9.0.1-2.el7ost.noarch


How reproducible:

Steps to Reproduce:
1. Integrate OPEN Stack with IDM https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/integrate-with-identity-service/chapter-2-identity-management-integration. It supposed to be same for Active Directory or generic LDAP.

2. Check if the Domain available via Command line
~~~~
#  openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e11330b788674772bea741a4bb571630 | LAB     | True    |                    |
+----------------------------------+---------+---------+--------------------+

~~~~

3. login to horizon as user “admin”, and then click “Identity” ---> “Domain”



Actual results:

There is no Domain Option / Available Domain on OPS9 Horizon Dashboard.


Expected results:

Following same OSP 7 and 8 Doc and step, Domains are available "ogin to horizon as user “admin”, and then click “Identity” ---> “Domain”"

Additional info:
Comment 3 Radomir Dopieralski 2017-01-03 14:10:31 UTC 
It looks like for the domain-scoped tokens (and thus, the Domains tab) to work properly, the default session engine needs to be changed from "cookies" to something that provides more space to store all the tokens.

The https://wiki.openstack.org/wiki/Horizon/DomainWorkFlow page recommends adding/changing this configuration:

CACHES = {
   'default': {
       'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
       'LOCATION': '127.0.0.1:11211',
   }
}
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

Alternatively, if memcache is not available, an in-memory session engine can be also used:

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    }
}
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
Comment 14 Radomir Dopieralski 2017-02-10 10:41:05 UTC 
I submitted a patch fixing this issue upstream: https://review.openstack.org/#/c/427125/

Once it's merged, I will propose backports.
Comment 17 errata-xmlrpc 2017-03-08 17:46:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0466.html