settingsLogin | Registersettings

[Openstack] FW: problem using redundant ldap servers with keystone

0 votes

[correct destination this time]

Subject: problem using redundant ldap servers with keystone
Date: Mon, 15 Jun 2015 18:10:25 +0000

I have an HA OpenStack installation with a keystone domain backed by an LDAP server.
I want to make the installation resilient in the case of an LDAP server failure, so I have configured keystone with a space-separated list of LDAP server urls in the [ldap] url option.
This configuration appears to work well if I e.g. stop slapd on one of the LDAP servers - I can login to horizon as a user from the LDAP directory as long as one of the LDAP servers is running slapd.
But if I shutdown one of the LDAP servers, login to horizon fails and the browser (chrome in this case) says "No data received".
I've turned on debug logging in keystone, and as far as I can see the LDAP requests are still working; indeed cli commands like "openstack user list --domain " which get data from LDAP still work.
Any ideas?
[openstack juno, centos 7, keystone and horizon running as wsgi apps under Apache]


Mailing list:
Post to :
Unsubscribe :

asked Jun 15, 2015 in openstack by Chris_Card (260 points)   1 2