Description of problem: Customer has found the OSP12 Active Directory integration documentation is missing some potential steps. Document: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/integrate_with_identity_service/sec-active-directory Note: I have no access to a AD environment to verify. Version-Release number of selected component (if applicable): How reproducible: - Unknown as no active directory environment to test with. Assuming always. Steps to Reproduce: 1. Follow: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/integrate_with_identity_service/sec-active-directory 2. Test integration Actual results: - Integration fails Expected results: - Integration works. Additional info: - Customer supplied the following snippets that seemed to have resolved his issue: ########### START ########### ... 1.8.2. Configure the controller ... 2. Create the domains directory: # mkdir /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains/ # chown 42425 /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains/ ... 3. Configure Identity Service to use multiple back ends: NOTE You might need to install crudini using yum install crudini. # crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf identity domain_specific_drivers_enabled true # crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf identity domain_config_dir /etc/keystone/domains # crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf assignment driver sql ... 6. Change ownership of the configuration file to the keystone user: # chown 42425 /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains/keystone.LAB.conf ... _______ Also there is a crudini that points to the wrong file 3. Configure Identity Service to use multiple back ends: NOTE You might need to install crudini using yum install crudini. # crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf identity domain_specific_drivers_enabled true # crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf identity domain_config_dir /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains # crudini --set /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf assignment driver sql ########### END ###########
is it possible to also verify the instruction for director integration? I do not see in the instructions a way to get the certificate into the container. https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/integrate_with_identity_service/sec-director-ldap Rafael
Investigating...
*** Bug 1552749 has been marked as a duplicate of this bug. ***
Republished OSP12 guide with Active Directory updates
Republished OSP12 guide with IdM and generic LDAP updates: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/integrate_with_identity_service/
(In reply to Rafael Urena from comment #1) > is it possible to also verify the instruction for director integration? I do > not see in the instructions a way to get the certificate into the container. > Checking with SMEs
Changes were added and the guide was republished here: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/integrate_with_identity_service/