Bug 1568068 - Active Directory integration documentation incomplete.
Summary: Active Directory integration documentation incomplete.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation
Version: 12.0 (Pike)
Hardware: All
OS: All
unspecified
low
Target Milestone: ---
: ---
Assignee: Martin Lopes
QA Contact: RHOS Documentation Team
URL:
Whiteboard:
: 1552749 (view as bug list)
Depends On: 1590593
Blocks: 1570286
 
Reported: 2018-04-16 17:17 UTC by coldford@redhat.com
Modified: 2021-09-09 13:43 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1570286 (view as bug list)
Environment:
Last Closed: 2018-07-15 23:17:35 UTC
Target Upstream Version:
Embargoed:



Description coldford@redhat.com 2018-04-16 17:17:15 UTC
Description of problem:

Customer has found the OSP12 Active Directory integration documentation is missing some potential steps. 

Document: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/integrate_with_identity_service/sec-active-directory


Note: I have no access to an AD environment to verify.


Version-Release number of selected component (if applicable):


How reproducible:
- Unknown as no active directory environment to test with. Assuming always.


Steps to Reproduce:
1. Follow: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/integrate_with_identity_service/sec-active-directory
2. Test integration

Actual results:
- Integration fails


Expected results:
- Integration works.


Additional info:
- Customer supplied the following snippets that seemed to have resolved his issue:
########### START ###########
...
1.8.2. Configure the controller
...
2. Create the domains directory:

# mkdir /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains/
# chown 42425 /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains/
...
3. Configure Identity Service to use multiple back ends:

NOTE
You might need to install crudini using yum install crudini.

# crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf identity domain_specific_drivers_enabled true
# crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf identity domain_config_dir /etc/keystone/domains
# crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf assignment driver sql

...

6. Change ownership of the configuration file to the keystone user:

# chown 42425 /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains/keystone.LAB.conf
...
_______

Also there is a crudini that points to the wrong file

3. Configure Identity Service to use multiple back ends:

NOTE
You might need to install crudini using yum install crudini.

# crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf identity domain_specific_drivers_enabled true
# crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf identity domain_config_dir /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains
# crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf assignment driver sql
###########  END  ###########
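
As an added example (not part of the bug report or of Red Hat's documentation), a read-only check of the settings and ownership named in the snippets above. The function names are hypothetical; because the report gives two different `domain_config_dir` values, the expected value is passed in as a parameter rather than assumed.

```shell
# ini_get FILE SECTION KEY: print KEY's value from [SECTION] (empty if unset).
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                               # skip comment lines
        /^[ \t]*\[/   { gsub(/^[ \t]*\[|\][ \t]*$/, ""); cur = $0; next }
        cur == sec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                            # last assignment wins
        }
        END { print val }' "$1"
}

# audit_keystone_domains ROOT WANT_DIR [UID]
#   ROOT     host directory holding keystone.conf and domains/ (from the report:
#            /var/lib/config-data/puppet-generated/keystone/etc/keystone)
#   WANT_DIR the domain_config_dir value you intend keystone to use
#   UID      expected numeric owner (the report uses 42425)
# Prints one OK/FAIL line per check and returns the number of failures.
audit_keystone_domains() {
    local root="$1" want_dir="$2" uid="${3:-42425}" fails=0 sec key want got path owner
    while read -r sec key want; do
        got=$(ini_get "$root/keystone.conf" "$sec" "$key" 2>/dev/null)
        [ "$key" = domain_specific_drivers_enabled ] && got=$(printf %s "$got" | tr 'A-Z' 'a-z')
        if [ "$got" = "$want" ]; then echo "OK   [$sec] $key = $got"
        else echo "FAIL [$sec] $key = '$got' (expected '$want')"; fails=$((fails + 1)); fi
    done <<EOF
identity domain_specific_drivers_enabled true
identity domain_config_dir $want_dir
assignment driver sql
EOF
    # The domains directory and every keystone.<DOMAIN>.conf in it must exist
    # and belong to UID; an unmatched glob is reported as a missing file.
    for path in "$root/domains" "$root"/domains/keystone.*.conf; do
        [ -e "$path" ] || { echo "FAIL missing: $path"; fails=$((fails + 1)); continue; }
        owner=$(stat -c %u "$path")
        if [ "$owner" = "$uid" ]; then echo "OK   owner $owner: $path"
        else echo "FAIL owner $owner (expected $uid): $path"; fails=$((fails + 1)); fi
    done
    return "$fails"
}
```
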

Comment 1 Rafael Urena 2018-04-17 13:29:44 UTC
Is it possible to also verify the instruction for director integration? I do not see in the instructions a way to get the certificate into the container.

https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/integrate_with_identity_service/sec-director-ldap

Rafael

Comment 2 Martin Lopes 2018-04-18 21:16:59 UTC
Investigating...

Comment 5 Martin Lopes 2018-04-19 02:26:11 UTC
*** Bug 1552749 has been marked as a duplicate of this bug. ***

Comment 11 Martin Lopes 2018-05-08 05:26:15 UTC
Republished OSP12 guide with Active Directory updates

Comment 13 Martin Lopes 2018-05-08 05:44:38 UTC
Republished OSP12 guide with IdM and generic LDAP updates:

https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/integrate_with_identity_service/

Comment 14 Martin Lopes 2018-05-08 06:04:55 UTC
(In reply to Rafael Urena from comment #1)
> is it possible to also verify the instruction for director integration? I do
> not see in the instructions a way to get the certificate into the container. 
> 


Checking with SMEs

Comment 20 Martin Lopes 2018-07-15 23:03:30 UTC
Changes were added and the guide was republished here:

https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/integrate_with_identity_service/

