im使用Keystone api创建用户(如固件Keystone API创建用户).
im using keystone api to create an user (as in Fiware Keystone API Create User).
我的步骤:
使用以下项目创建项目:
create project with:
curl -s -H"X-Auth-Token:17007fe11124bd71eb60" -H内容类型: application/json"-d'{" tenant:{" description:" Project1, 名称":"proyecto1",已启用":true}}' localhost:35357/v2.0/tenants -X POST | Python -mjson.tool
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"tenant": {"description":"Project1", "name":"proyecto1", "enabled": true}}' localhost:35357/v2.0/tenants -X POST | python -mjson.tool
创建角色:
curl -s -H"X-Auth-Token:17007fe11124bd71eb60" -H内容类型: application/json"-d'{" role:{" name:" Project1Admin, "description":"project1的角色管理员"}}' localhost:35357/v3/roles | python -mjson.tool
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"role":{"name":"Project1Admin", "description":"Role Admin for project1"}}' localhost:35357/v3/roles | python -mjson.tool
创建用户:
curl -s -H"X-Auth-Token:17007fe11124bd71eb60" -H内容类型: application/json"-d'{" user:{" default_project_id: "d0f384973b9f4a57b975fcd9bef10c6e",描述":"admin1", "enabled":true,"name":"admin","password":"admin", "email":"admin@gmail"}}' localhost:35357/v2. 0/用户 | python -mjson.tool
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"user": {"default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e", "description":"admin1", "enabled":true, "name":"admin", "password":"admin", "email":"admin@gmail"}}' localhost:35357/v2.0/users | python -mjson.tool
最后一步:创建用户-角色-租户关系:
last step: create user-role-tenant relationship:
curl -s -H"X-Auth-Token:17007fe11124bd71eb60" localhost:35357/v2. 0/租户/d0f384973b9f4a57b975fcd9bef10c6e/users/admin1/roles/OS-KS/0c10f475076345368724a03ccd1c3403 -X PUT
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" localhost:35357/v2.0/tenants/d0f384973b9f4a57b975fcd9bef10c6e/users/admin1/roles/OS-KS/0c10f475076345368724a03ccd1c3403 -X PUT
如果我检查用户:
curl -s -H"X-Auth-Token:17007fe11124bd71eb60" localhost:5000/v3/users/admin1 | python -mjson.tool
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" localhost:5000/v3/users/admin1 | python -mjson.tool
响应:
{ "user": { "default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e", "description": "admin1", "domain_id": "default", "email": "admin1@gmail", "enabled": true, "id": "admin1", "links": { "self": "localhost:5000/v3/users/admin1" }, "name": "admin1", "username": null } }我认为这很好,但是我尝试连接Horizon并出现错误无效的用户或密码".即时通讯进入日志的结果如下:
I think thats good, But I try to connect with horizon and have an error "Invalid user or password". The result im getting in logs is the following :
keystone.log
keystone.log
2016-04-20 07:56:03.949 2150 WARNING keystonemon.wsgi [-] Could not find user: admin1@gmail 2016-04-20 07:56:03.967 2150 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [20/Apr/2016 07:56:03] "HEAD /v3/OS-TWO-FACTOR/two_factor_auth?user_name=admin1%40gmail&domain_name=Default HTTP/1.1" 404 159 0.077033horizon.log:
horizon.log:
[Wed Apr 20 07:59:41.934935 2016] [:error] [pid 5963:tid 140154061260544] Login failed for user "admin1@gmail".任何人都知道为什么该用户无法与地平线连接吗?
Anyone knows why this user cant connect with horizon?
谢谢
推荐答案在KeyRock中,我们使用name字段存储用户电子邮件,并使用username字段存储其用户名.创建用户时,请求中提供的所有属性(name,username,default_project_id,domain_id和enabled属性除外)都将被序列化并存储在称为extra的字段中.因此,您的email属性将存储在extra字段中.
In KeyRock, we use the name field to store the user email, and the username field to store its username. When creating a user, all attributes provided in the request but the name, the username, the default_project_id, the domain_id and the enabled attribute are serialized and stored inside a field called extra. Therefore, your email attribute will be stored in the extra field.
注册后,登录Horizon并提供用户电子邮件时,Horizon会向Keystone发送请求,以在name字段中搜索电子邮件.由于您输入的是admin1@gmail,但您提供的实际名称是admin1,因此登录Horizon将会失败.
After registering, when loging in to Horizon and providing the user email, Horizon sends a request to Keystone to search for the email in the name field. Since you are entering admin1@gmail, but the actual name you provided is admin1, login into Horizon will fail.
使用admin1@gmail作为名称(而不是电子邮件)重新注册用户应该可以解决您的问题,但是如果您负担不起重新创建用户的费用,也可以在登录表单的电子邮件字段中输入admin1.
Registering the user again with admin1@gmail as name (and not email) should fix your problem, but you can also enter admin1 in the email field of the login form if you can't afford to recreate the user.
希望这可以解决您的问题!
Hope this solves your issue!
更多推荐
Fiware Keystone API创建用户并通过Horizon进行访问
发布评论