Comment 2 for bug 1688196

I've run into this again.

In my case I have a dollar sign ($) in the customer supplied password.

When running hooks, I get "Internal Server Error (HTTP 500)" and when I check /var/log/apache2/keystone_error.log I see a long trace ending with:

  2022-10-14 11:19:00.295900 oslo_config.cfg.NoSuchOptError: no such option barbaz in group [DEFAULT]

Where "foo$barbaz" is the password.

I've tried quoting the password by hand-editing /etc/keystone/domains/keystone.LDAP.conf but it still gives the above error. I tried single quotes and double quotes, separately and together.

What finally worked was adding a backslash in front of the dollar sign (even without quotes).

I suspect the config parser is trying to resolve it as some kind of variable expansion without the backslash.

Getting the backslash into the config variable isn't too difficult. Here's one way:

  juju config keystone-ldap ldap-password='foo\$barbaz'