After installing grizzly successfully with devstack with LDAP backend, when user try to log in via Horizon dashboard authentication is denied with the following error in the screen-horizon.log:
[Fri Apr 12 14:40:31 2013] [error] DEBUG:openstack_auth.backend:Beginning user authentication for user "admin".
[Fri Apr 12 14:40:31 2013] [error] DEBUG:openstack_auth.backend:Authorization Failed: [Errno 111] Connection refused
[Fri Apr 12 14:40:46 2013] [error] DEBUG:openstack_auth.backend:Beginning user authentication for user "admin".
[Fri Apr 12 14:40:46 2013] [error] DEBUG:openstack_auth.backend:Authorization Failed: [Errno 111] Connection refused
[Fri Apr 12 14:49:45 2013] [error] DEBUG:openstack_auth.backend:Beginning user authentication for user "admin".
[Fri Apr 12 14:49:45 2013] [error] DEBUG:openstack_auth.backend:Authorization Failed: Unable to communicate with identity service: {"error": {"message": "Could not find domain: default", "code": 404, "title": "Not Found"}}. (HTTP 404)
The failure is due to the fact that no 'default' domain was created in the LDAP tree something keystone was looking for. The long term solution may be not to expect 'default' domain in the LDAP tree in keystone or create one automatically (which could be a problem in read-only LDAP environment though), which seems like sql backend is doing.
The quick solution is to create 'default' domain specific entry in the LDAP tree when user select the option to install LDAP with KEYSTONE_IDENTITY_BACKEND=ldap option. As an workaround to users with existing LDAP, they may need to create 'default' domain specific entry manually for now.
I have opened a similar bug for devstack here - https://bugs.launchpad.net/devstack/+bug/1168724
Fix proposed to branch: master /review. openstack. org/27364
Review: https:/