OpenStack Identity (keystone)

Error 500 when trying to set empty description with LDAP

Bug #1282676 reported by Julie Pichon
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Won't Fix
Medium
Adam Young

Bug Description

When trying to update the project description with an empty string, Keystone answers with an error 500. I'm using Devstack set up with the LDAP backend (including assignment) and unfortunately, I'm not familiar enough with LDAP to determine if the problem might be in the configuration elsewhere.

The issue is particularly noticeable when using Horizon because when trying to e.g. assign a user to a project, all the project-related fields are also updated.

How to reproduce:
1. Get a valid token: openstack --os-identity-api-version 3 token-create
2. Try to update an existing project by setting the description to "":

 curl -i -X PATCH http://192.168.100.219:35357/v3/projects/2b3f7fa5eadb4ee2bef569fee399efe4 -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{"project": {"description": ""}}'
HTTP/1.1 500 Internal Server Error
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 222
Date: Thu, 20 Feb 2014 16:11:25 GMT

{"error": {"message": "An unexpected error prevented the server from fulfilling your request. {'info': 'description: value #0 invalid per syntax', 'desc': 'Invalid syntax'}", "code": 500, "title": "Internal Server Error"}}

Keystone logs:

2014-02-20 15:55:05.121 DEBUG keystone.common.ldap.core [-] LDAP bind: dn=cn=Manager,dc=openstack,dc=org from (pid=9341) simple_bind_s /opt/stack/keystone/keystone/common/ld
ap/core.py:555
2014-02-20 15:55:05.125 DEBUG keystone.common.ldap.core [-] LDAP modify: dn=cn=2b3f7fa5eadb4ee2bef569fee399efe4,ou=Projects,dc=openstack,dc=org, modlist=[(0, 'description',
[''])] from (pid=9341) modify_s /opt/stack/keystone/keystone/common/ldap/core.py:650
2014-02-20 15:55:05.126 DEBUG keystone.common.ldap.core [-] LDAP unbind from (pid=9341) unbind_s /opt/stack/keystone/keystone/common/ldap/core.py:559
2014-02-20 15:55:05.126 DEBUG keystone.common.ldap.core [-] LDAP unbind from (pid=9341) unbind_s /opt/stack/keystone/keystone/common/ldap/core.py:559
2014-02-20 15:55:05.126 ERROR keystone.common.wsgi [-] {'info': 'description: value #0 invalid per syntax', 'desc': 'Invalid syntax'}
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 211, in __call__
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi result = method(context, **params)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/controller.py", line 131, in inner
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi return f(self, context, *args, **kwargs)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/assignment/controllers.py", line 414, in update_project
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi ref = self.assignment_api.update_project(project_id, project)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/notifications.py", line 73, in wrapper
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi result = f(*args, **kwargs)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/assignment/core.py", line 97, in update_project
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi ret = self.driver.update_project(tenant_id, tenant)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/assignment/backends/ldap.py", line 83, in update_project
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi return self._set_default_domain(self.project.update(tenant_id, tenant))
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/assignment/backends/ldap.py", line 488, in update
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi return super(ProjectApi, self).update(project_id, values, old_obj)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/ldap/core.py", line 784, in update
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi object_id, values, old_obj)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/ldap/core.py", line 453, in update
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi conn.modify_s(self._id_to_dn(object_id), modlist)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/ldap/core.py", line 652, in modify_s
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi return self.conn.modify_s(dn, ldap_modlist)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 357, in modify_s
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi return self.result(msgid,all=1,timeout=self.timeout)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 458, in result
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 462, in result2
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi resp_ctrl_classes=resp_ctrl_classes
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi result = func(*args,**kwargs)
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi INVALID_SYNTAX: {'info': 'description: value #0 invalid per syntax', 'desc': 'Invalid syntax'}
2014-02-20 15:55:05.126 TRACE keystone.common.wsgi
2014-02-20 15:55:05.130 INFO eventlet.wsgi.server [-] 192.168.100.219 - - [20/Feb/2014 15:55:05] "PATCH /v3/projects/2b3f7fa5eadb4ee2bef569fee399efe4 HTTP/1.1" 500 370 0.173492

slapd logs:

53062559 conn=1235 fd=16 ACCEPT from IP=127.0.0.1:48228 (IP=0.0.0.0:389)
53062559 conn=1235 op=0 BIND dn="cn=Manager,dc=openstack,dc=org" method=128
53062559 conn=1235 op=0 BIND dn="cn=Manager,dc=openstack,dc=org" mech=SIMPLE ssf=0
53062559 conn=1235 op=0 RESULT tag=97 err=0 text=
53062559 conn=1235 op=1 SRCH base="ou=Projects,dc=openstack,dc=org" scope=1 deref=0 filter="(&(cn=2b3f7fa5eadb4ee2bef569fee399efe4)(objectClass=groupOfNames))"
53062559 conn=1235 op=1 SRCH attr=ou enabled description businessCategory
53062559 conn=1235 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
53062559 conn=1235 op=2 UNBIND
53062559 conn=1235 fd=16 closed
53062559 conn=1236 fd=16 ACCEPT from IP=127.0.0.1:48229 (IP=0.0.0.0:389)
53062559 conn=1236 op=0 BIND dn="cn=Manager,dc=openstack,dc=org" method=128
53062559 conn=1236 op=0 BIND dn="cn=Manager,dc=openstack,dc=org" mech=SIMPLE ssf=0
53062559 conn=1236 op=0 RESULT tag=97 err=0 text=
53062559 conn=1236 op=1 MOD dn="cn=2b3f7fa5eadb4ee2bef569fee399efe4,ou=Projects,dc=openstack,dc=org"
53062559 conn=1236 op=1 MOD attr=description
53062559 conn=1236 op=1 RESULT tag=103 err=21 text=description: value #0 invalid per syntax
53062559 conn=1236 op=2 UNBIND
53062559 conn=1236 fd=16 closed

Horizon logs:

[Thu Feb 20 15:55:04.948432 2014] [:error] [pid 11040] REQ: curl -i -X PATCH http://192.168.100.219:35357/v3/projects/2b3f7fa5eadb4ee2bef569fee399efe4 -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "Forwarded: for=192.168.100.1;by=python-keystoneclient" -H "X-Auth-Token: ad8deaaaa54bfd6f0b296c47f18ff3fb" -d '{"project": {"enabled": false, "name": "demo", "description": ""}}'
[Thu Feb 20 15:55:05.130162 2014] [:error] [pid 11040] RESP: [500] CaseInsensitiveDict({'date': 'Thu, 20 Feb 2014 15:55:05 GMT', 'vary': 'X-Auth-Token', 'content-length': '222', 'content-type': 'application/json'})
[Thu Feb 20 15:55:05.130241 2014] [:error] [pid 11040] RESP BODY: {"error": {"message": "An unexpected error prevented the server from fulfilling your request. {'info': 'description: value #0 invalid per syntax', 'desc': 'Invalid syntax'}", "code": 500, "title": "Internal Server Error"}}

Tags: ldap
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/75142

Changed in keystone:
assignee: nobody → Richard Megginson (rmeggins)
status: New → In Progress
Revision history for this message
Dolph Mathews (dolph) wrote :

Related: https://bugs.launchpad.net/keystone/+bug/1293698

tags: added: ldap
Changed in keystone:
importance: Undecided → Medium
Matt Fischer (mfisch)
Changed in keystone:
assignee: Richard Megginson (rmeggins) → nobody
Dolph Mathews (dolph)
Changed in keystone:
status: In Progress → Triaged
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: nobody → Richard Megginson (rmeggins)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Richard Megginson (rmeggins) → Adam Young (ayoung)
Revision history for this message
Dolph Mathews (dolph) wrote :

I've abandoned the referenced changed due to inactivity and failing tests. If this is still an issue, please reset the status.

Changed in keystone:
status: In Progress → Incomplete
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Dolph Mathews (<email address hidden>) on branch: master
Review: https://review.openstack.org/76002
Reason: Abandoning due to inactivity and failing tests.

Revision history for this message
Adam Young (ayoung) wrote :

We have depreaced the LDAP project back end. Even for identity, we are focusing on Read-Only, and not Read Write. Please reopen if this is still an issue.

Changed in keystone:
status: Incomplete → Won't Fix
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by ayoung (<email address hidden>) on branch: master
Review: https://review.openstack.org/75142
Reason: Will not fix as it is in LDAP Assignment which is deprecated.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.