authenticating with ldap user fails due to notification

Bug #1545960 reported by Steve Martinelli
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: High
Assigned to: Steve Martinelli

Bug Description

I set up a non-default domain with an LDAP backend, with emails as usernames. This caused LDAP user authentication to fail:

2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP init: url=ldap://bluepages.ibm.com 2016-02-16 02:49:48.311 _common_ldap_initialization /opt/stack/keystone/keystone/common/ldap/core.py:579
2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1 2016-02-16 02:49:48.311 _common_ldap_initialization /opt/stack/keystone/keystone/common/ldap/core.py:583
2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP search: base=ou=bluepages,o=ibm.com scope=2 filterstr=(&(<email address hidden>)(objectClass=ibmPerson)(uid=*)) attrs=['mail', 'userPassword', 'enabled', 'uid'] attrsonly=0 2016-02-16 02:49:48.311 search_s /opt/stack/keystone/keystone/common/ldap/core.py:938
2016-02-16 02:49:48.418 18101 DEBUG keystone.common.ldap.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP unbind 2016-02-16 02:49:48.418 unbind_s /opt/stack/keystone/keystone/common/ldap/core.py:911
2016-02-16 02:49:48.420 18101 DEBUG keystone.identity.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] ID Mapping - Domain ID: f661d8c0c14848f5909cf5229a473377, Default Driver: False, Domains: False, UUIDs: False, Compatible IDs: True 2016-02-16 02:49:48.420 _set_domain_id_and_mapping /opt/stack/keystone/keystone/identity/core.py:577
2016-02-16 02:49:48.420 18101 DEBUG keystone.identity.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] Local ID: 011918649 2016-02-16 02:49:48.420 _set_domain_id_and_mapping_for_single_ref /opt/stack/keystone/keystone/identity/core.py:595
2016-02-16 02:49:48.425 18101 DEBUG keystone.identity.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] Found existing mapping to public ID: 2165702f085e15ff59308d8723df016d75fdd07e9af527a881b87812278e5068 2016-02-16 02:49:48.425 _set_domain_id_and_mapping_for_single_ref /opt/stack/keystone/keystone/identity/core.py:608

2016-02-16 02:32:22.650 17136 ERROR keystone.common.wsgi [req-0fb5bb7b-2ba1-4ced-a814-71bd53939d46 - - - - -] 'ascii' codec can't decode byte 0xec in position 2: ordinal not in range(128)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi Traceback (most recent call last):
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 247, in __call__
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi result = method(context, **params)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 396, in authenticate_for_token
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi self.authenticate(context, auth_info, auth_context)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 520, in authenticate
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi auth_context)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/password.py", line 36, in authenticate
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi password=user_info.password)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/manager.py", line 124, in wrapped
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/notifications.py", line 555, in wrapper
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi initiator = _get_request_audit_info(context, user_id)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/notifications.py", line 521, in _get_request_audit_info
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi initiator.id = utils.resource_uuid(user_id)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/utils.py", line 60, in resource_uuid
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi return uuid.uuid5(RESOURCE_ID_NAMESPACE, value).hex
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/usr/lib/python2.7/uuid.py", line 567, in uuid5
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi hash = sha1(namespace.bytes + name).digest()
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi UnicodeDecodeError: 'ascii' codec can't decode byte 0xec in position 2: ordinal not in range(128)

Steve Martinelli (stevemar) wrote :
Changed in keystone:
importance: Undecided → High
assignee: nobody → Steve Martinelli (stevemar)
milestone: none → mitaka-3
description: updated
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/280542

Changed in keystone:
status: New → In Progress
Steve Martinelli (stevemar) wrote :

The value that was causing me to bomb out was:

2016-02-16 03:00:01.085 19084 DEBUG keystone.common.utils [req-563d5550-a3ed-427e-803a-ff4fb46f85ef - - - - -] value!! 2016-02-16 03:00:01.085 resource_uuid /opt/stack/keystone/keystone/common/utils.py:55
2016-02-16 03:00:01.085 19084 DEBUG keystone.common.utils [req-563d5550-a3ed-427e-803a-ff4fb46f85ef - - - - -] 2165702f085e15ff59308d8723df016d75fdd07e9af527a881b87812278e5068 2016-02-16 03:00:01.085 resource_uuid /opt/stack/keystone/keystone/common/utils.py:56

Steve Martinelli (stevemar) wrote :

The value from the backend was 2165702f085e15ff59308d8723df016d75fdd07e9af527a881b87812278e5068

Changed in keystone:
assignee: Steve Martinelli (stevemar) → Dave Chen (wei-d-chen)
Dave Chen (wei-d-chen)
Changed in keystone:
assignee: Dave Chen (wei-d-chen) → Steve Martinelli (stevemar)
Changed in keystone:
assignee: Steve Martinelli (stevemar) → Brant Knudson (blk-u)
Brant Knudson (blk-u)
Changed in keystone:
assignee: Brant Knudson (blk-u) → Steve Martinelli (stevemar)
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/280542
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=90c95049a3e0a9ceadbd45b1aa5a7de50a8ea1d0
Submitter: Jenkins
Branch: master

commit 90c95049a3e0a9ceadbd45b1aa5a7de50a8ea1d0
Author: Steve Martinelli <email address hidden>
Date: Tue Feb 16 03:12:08 2016 -0500

    encode user id for notifications

    local user ids that are returned from the mapping_id backend are
    in unicode. this causes an issue when attempting to transform
    the value into uuid5.

    Change-Id: I87745944a3eb606fdd435ae983e5de602d08bd0d
    closes-bug: 1545960

Changed in keystone:
status: In Progress → Fix Released
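
Why a plain hex ID triggers the decode error, as an added example (not keystone's code): under Python 2.7, `namespace.bytes + name` with a unicode `name` implicitly decodes the namespace bytes as ASCII, so the failure comes from the namespace, not from the user ID. The block emulates that coercion in Python 3; the namespace is constructed so that its third byte is 0xec, and the UTF-8 encoding step is an assumed shape of the fix.

```python
import hashlib
import uuid

# Constructed namespace (not keystone's RESOURCE_ID_NAMESPACE): its third
# byte is 0xec, matching "byte 0xec in position 2" in the traceback.
NAMESPACE = uuid.UUID("0000ec00-0000-4000-8000-000000000000")
# Public ID quoted in the bug comments: a pure-ASCII hex string.
PUBLIC_ID = "2165702f085e15ff59308d8723df016d75fdd07e9af527a881b87812278e5068"


def py2_uuid5(namespace, name):
    """Emulate Python 2.7 uuid5: sha1(namespace.bytes + name).digest()."""
    if isinstance(name, str):  # Python 3 str plays the role of py2 unicode
        # py2 `str + unicode` implicitly decodes the byte string as ASCII.
        data = (namespace.bytes.decode("ascii") + name).encode("ascii")
    else:
        data = namespace.bytes + name
    return uuid.UUID(bytes=hashlib.sha1(data).digest()[:16], version=5)


def resource_uuid_unfixed(value):
    """Text value passed straight to uuid5, as in the failing call path."""
    return py2_uuid5(NAMESPACE, value).hex


def resource_uuid_fixed(value):
    """Assumed shape of the fix: encode text to UTF-8 bytes first."""
    if isinstance(value, str):
        value = value.encode("utf-8")
    return py2_uuid5(NAMESPACE, value).hex


def failure_message(value):
    """Return the decode error raised by the unfixed path, or None."""
    try:
        resource_uuid_unfixed(value)
    except UnicodeDecodeError as exc:
        return str(exc)
    return None


def reference_uuid5(value):
    """Python 3's own uuid5, which encodes text names as UTF-8."""
    return uuid.uuid5(NAMESPACE, value).hex


if __name__ == "__main__":
    print(failure_message(PUBLIC_ID))
    print(resource_uuid_fixed(PUBLIC_ID) == reference_uuid5(PUBLIC_ID))
```

Because the exception is raised while building the audit initiator for the notification, a defect in the audit path is enough to fail the login itself.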