I setup a non-default domain with an LDAP backend, with emails as usernames. This caused ldap user authentication to fail:
2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP init: url=ldap://bluepages.ibm.com 2016-02-16 02:49:48.311 _common_ldap_initialization /opt/stack/keystone/keystone/common/ldap/core.py:579
2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1 2016-02-16 02:49:48.311 _common_ldap_initialization /opt/stack/keystone/keystone/common/ldap/core.py:583
2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP search: base=ou=bluepages,o=ibm.com scope=2 filterstr=(&(<email address hidden>)(objectClass=ibmPerson)(uid=*)) attrs=['mail', 'userPassword', 'enabled', 'uid'] attrsonly=0 2016-02-16 02:49:48.311 search_s /opt/stack/keystone/keystone/common/ldap/core.py:938
2016-02-16 02:49:48.418 18101 DEBUG keystone.common.ldap.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP unbind 2016-02-16 02:49:48.418 unbind_s /opt/stack/keystone/keystone/common/ldap/core.py:911
2016-02-16 02:49:48.420 18101 DEBUG keystone.identity.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] ID Mapping - Domain ID: f661d8c0c14848f5909cf5229a473377, Default Driver: False, Domains: False, UUIDs: False, Compatible IDs: True 2016-02-16 02:49:48.420 _set_domain_id_and_mapping /opt/stack/keystone/keystone/identity/core.py:577
2016-02-16 02:49:48.420 18101 DEBUG keystone.identity.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] Local ID: 011918649 2016-02-16 02:49:48.420 _set_domain_id_and_mapping_for_single_ref /opt/stack/keystone/keystone/identity/core.py:595
2016-02-16 02:49:48.425 18101 DEBUG keystone.identity.core [req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] Found existing mapping to public ID: 2165702f085e15ff59308d8723df016d75fdd07e9af527a881b87812278e5068 2016-02-16 02:49:48.425 _set_domain_id_and_mapping_for_single_ref /opt/stack/keystone/keystone/identity/core.py:608
2016-02-16 02:32:22.650 17136 ERROR keystone.common.wsgi [req-0fb5bb7b-2ba1-4ced-a814-71bd53939d46 - - - - -] 'ascii' codec can't decode byte 0xec in position 2: ordinal not in range(128)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi Traceback (most recent call last):
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 247, in __call__
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi result = method(context, **params)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 396, in authenticate_for_token
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi self.authenticate(context, auth_info, auth_context)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 520, in authenticate
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi auth_context)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/password.py", line 36, in authenticate
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi password=user_info.password)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/manager.py", line 124, in wrapped
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/notifications.py", line 555, in wrapper
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi initiator = _get_request_audit_info(context, user_id)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/notifications.py", line 521, in _get_request_audit_info
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi initiator.id = utils.resource_uuid(user_id)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/utils.py", line 60, in resource_uuid
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi return uuid.uuid5(RESOURCE_ID_NAMESPACE, value).hex
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi File "/usr/lib/python2.7/uuid.py", line 567, in uuid5
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi hash = sha1(namespace.bytes + name).digest()
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi UnicodeDecodeError: 'ascii' codec can't decode byte 0xec in position 2: ordinal not in range(128)
we should do a similar check as gnocchi: http:// git.openstack. org/cgit/ openstack/ gnocchi/ tree/gnocchi/ utils.py# n37
over here: https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ common/ utils.py# L58-L62