Troubleshooting
Problem
IBM Cloud Manager with OpenStack does not support logging on through an LDAP server if the attribute mapped to the user name is multivalued.
Cause
If the LDAP server has the user name attribute set to a field that is multivalued, the login will fail.
The keystone logs will contain the error:
WARNING: must not be a multivalued
Environment
IBM Cloud Manager with OpenStack (CMwO) configured to authenticate with an external LDAP
Diagnosing The Problem
Perform an ldapsearch and check whether the attribute used for the sign-in user name has multiple values.
The attribute that is used to log in is set in the configuration file /etc/keystone/keystone.conf.
Find the parameter
user_id_attribute =
The value that is set is the LDAP attribute used, for example
user_id_attribute = uid
If the ldapsearch returns the attribute uid more than once, it is an unsupported LDAP attribute for authenticating with CMwO.
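The check described above can be scripted. This is an added example, not IBM or keystone code: it reads user_id_attribute from the [ldap] section of keystone.conf and counts that attribute per entry in LDIF output from ldapsearch. The function names, the configuration fragment and the directory entries are constructed for illustration.

```python
import configparser

# Constructed samples: keystone.conf fragment and ldapsearch LDIF output.
SAMPLE_CONF = "[ldap]\nuser_id_attribute = uid\n"
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
cn: Alice Example

dn: cn=bob,ou=people,dc=example,dc=com
uid: bob
uid: robert

dn: cn=carol,ou=people,dc=example,dc=com
UID:: Y2Fyb2w=
description: long value that ldapsearch wraps
 onto a continuation line
"""


def id_attribute(conf_text):
    """Return user_id_attribute from the [ldap] section of keystone.conf."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    return parser.get("ldap", "user_id_attribute").strip()


def multivalued_entries(ldif_text, attribute):
    """Map DN -> value count for entries holding `attribute` more than once."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # unfold LDIF continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    wanted, result, dn, count = attribute.lower(), {}, None, 0
    for line in lines + [""]:               # trailing "" flushes last entry
        if not line.strip():
            if dn is not None and count > 1:
                result[dn] = count
            dn, count = None, 0
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            name = name.split(";")[0].lower()   # ignore options like ;lang-en
            if name == "dn":
                dn = value.lstrip(": ")
            elif name == wanted:
                count += 1
    return result
```

Any DN returned by multivalued_entries holds more than one value for the configured attribute, which is the condition that makes the login fail.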
Resolving The Problem
Configure keystone to use an LDAP attribute which is NOT multivalued.
Document Information
Modified date: 17 June 2018
UID: nas8N1021331