If you want to integrate Horizon authentication with users in AD/LDAP, you can follow these steps. They are confirmed to work as expected on OpenStack Kolla Ansible Caracal, Ubuntu 22.04 LTS.
- Horizon with Multidomain Authentication
- AD / LDAP
- AD / LDAP server reachable from all OpenStack management interfaces
nano /etc/kolla/config/keystone.conf
[identity]
domain_specific_drivers_enabled = true
domain_config_dir = /etc/keystone/domain
mkdir /etc/kolla/keystone/domain
nano /etc/kolla/keystone/domain/keystone.RNDTEST.conf
[identity]
driver = ldap
[ldap]
url = ldap://rnd.test
user = CN=openstack-binding,OU=Openstack-OU,DC=rnd,DC=test
password = P@ssw0rd
suffix = DC=rnd,DC=test
user_tree_dn = OU=Openstack-OU,DC=rnd,DC=test
user_objectclass = person
user_filter =
user_id_attribute = sAMAccountName
user_name_attribute = sAMAccountName
user_mail_attribute = mail
user_pass_attribute =
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
user_attribute_ignore = password,tenant_id,tenants
group_objectclass = group
group_tree_dn = OU=Openstack-OU,DC=rnd,DC=test
group_filter = (CN=Openstack-Group*)
group_id_attribute = cn
group_name_attribute = name
use_tls = False
docker cp /etc/kolla/keystone/domain/ keystone:/etc/keystone/
docker exec -it -u 0 keystone bash
chown -R keystone:keystone /etc/keystone/domain
exit
docker restart keystone
nano /etc/kolla/horizon/_9998-kolla-settings.py
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = True
OPENSTACK_KEYSTONE_DOMAIN_CHOICES = (
    ('Default', 'default'),
    ('RNDTEST', 'RNDTEST'),
)
docker restart horizon
Make sure you create the domain with the same name as in the file name /etc/kolla/keystone/domain/keystone.RNDTEST.conf, so in this case it is RNDTEST.
openstack domain create RNDTEST
openstack role add --project admin --group e3b0508c8244c23c6cbced8eaa59d47b39ad2e027154988c006b9322379ad999 admin
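A pre-flight check for the domain file used in these steps, added here as an example and not part of the original page or of Kolla/Keystone: it derives the domain name from the file name, compares it with the domains you have created, and flags an ldap:// URL with use_tls = False, which sends the bind and user passwords over the network unencrypted. The function names, the existing_domains argument and the SAMPLE text (constructed, with the password replaced by a placeholder) are assumptions of this example.

```python
import configparser
import re
from pathlib import PurePosixPath

# Constructed sample mirroring the domain file on this page (placeholder password).
SAMPLE = """\
[identity]
driver = ldap
[ldap]
url = ldap://rnd.test
user = CN=openstack-binding,OU=Openstack-OU,DC=rnd,DC=test
password = <bind-password>
use_tls = False
"""

def domain_from_filename(path):
    """Return <DOMAIN> from keystone.<DOMAIN>.conf, or None if the name does not fit."""
    m = re.fullmatch(r"keystone\.(.+)\.conf", PurePosixPath(path).name)
    return m.group(1) if m else None

def audit(path, text, existing_domains):
    """Return a list of findings for one domain-specific Keystone config file."""
    findings = []
    domain = domain_from_filename(path)
    if domain is None:
        findings.append("file name is not keystone.<DOMAIN>.conf")
    elif domain not in existing_domains:
        findings.append(f"no Keystone domain named {domain!r}")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if cfg.get("identity", "driver", fallback="sql") != "ldap":
        findings.append("[identity] driver is not ldap")
    # Keystone accepts a comma-separated list of LDAP URLs.
    raw_urls = cfg.get("ldap", "url", fallback="")
    urls = [u.strip().lower() for u in raw_urls.split(",") if u.strip()]
    ldaps = [u for u in urls if u.startswith("ldaps://")]
    start_tls = cfg.getboolean("ldap", "use_tls", fallback=False)
    if ldaps and start_tls:
        findings.append("use_tls (StartTLS) combined with an ldaps:// URL")
    elif len(ldaps) < len(urls) and not start_tls:
        findings.append("cleartext LDAP: passwords cross the network unencrypted")
    if cfg.get("ldap", "tls_req_cert", fallback="demand") != "demand":
        findings.append("tls_req_cert is not demand: server certificate not enforced")
    return findings

if __name__ == "__main__":
    path = "/etc/kolla/keystone/domain/keystone.RNDTEST.conf"
    for finding in audit(path, SAMPLE, {"Default", "RNDTEST"}):
        print(finding)
```

Run against the file from this page, it reports the cleartext transport; switching the URL to ldaps:// (or setting use_tls = True on an ldap:// URL) with a CA the Keystone container trusts clears that finding.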