For the record: I was trying to poke python-ldap directly (Keystone uses it under the hood):
=====
import ldap
# Two credentials for the same account: a deliberately wrong one and the
# real one (the values posted here look like placeholders).
invalid_ldap_password = 'qwe123'
ldap_password = 'abcdef'

# ldap:// with no start_tls_s() means the simple binds below carry the DN
# and password in cleartext; use ldaps:// or StartTLS outside a test setup.
# trace_level=3 has python-ldap print each call and its result; the trace
# can include call arguments, so treat the captured output as sensitive.
connect = ldap.initialize('ldap://ldap.corp.com', trace_level=3)

# Turn on verbose client-library debug output (level 255).
connect.set_option(ldap.OPT_DEBUG_LEVEL, 255)

# Turn off automatic referral chasing.
connect.set_option(ldap.OPT_REFERRALS, 0)
======
# Bind attempt 1: wrong password. The trace that follows shows
# INVALID_CREDENTIALS; the server's 'info' text carries "data 52e", the
# Active Directory sub-code for a bad user name or password.
connect.simple_bind_s(
    "CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com",
    invalid_ldap_password,
)
*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.result4
((4, 1, -1, 0, 0, 0), {})
=> LDAPError - INVALID_CREDENTIALS: {'desc': 'Invalid credentials', 'info': '80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839'}
# Bind attempt 2: correct password, same connection object.
# NOTE(review): in the trace below the call returns (97, [], 5, []) --
# result type 97 is a bind response -- and nothing is raised, so the
# diagnosticMessage line with "data 52e" looks like text left over from
# the failed attempt rather than a new failure; confirm before relying on it.
connect.simple_bind_s(
    "CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com",
    ldap_password,
)
*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.simple_bind
=> diagnosticMessage: '80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839'
=> result:
5
*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.result4
((5, 1, -1, 0, 0, 0), {})
=> result:
(97, [], 5, [])
(97, [], 5, [])
>>>
For the record: I was trying to poke python-ldap directly (Keystone uses it under the hood):
=====
import ldap
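# Two credentials for the same account: a deliberately wrong one and the
# real one (the values posted here look like placeholders).
invalid_ldap_password = 'qwe123'
ldap_password = 'abcdef'

# ldap:// with no start_tls_s() means the simple binds below carry the DN
# and password in cleartext; use ldaps:// or StartTLS outside a test setup.
# trace_level=3 has python-ldap print each call and its result; the trace
# can include call arguments, so treat the captured output as sensitive.
connect = ldap.initialize('ldap://ldap.corp.com', trace_level=3)

# Turn on verbose client-library debug output (level 255).
connect.set_option(ldap.OPT_DEBUG_LEVEL, 255)

# Turn off automatic referral chasing.
connect.set_option(ldap.OPT_REFERRALS, 0)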
======
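# Bind attempt 1: wrong password. The trace that follows shows
# INVALID_CREDENTIALS; the server's 'info' text carries "data 52e", the
# Active Directory sub-code for a bad user name or password.
connect.simple_bind_s(
    "CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com",
    invalid_ldap_password,
)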
*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.result4
((4, 1, -1, 0, 0, 0), {})
=> LDAPError - INVALID_CREDENTIALS: {'desc': 'Invalid credentials', 'info': '80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839'}
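# Bind attempt 2: correct password, same connection object.
# NOTE(review): in the trace below the call returns (97, [], 5, []) --
# result type 97 is a bind response -- and nothing is raised, so the
# diagnosticMessage line with "data 52e" looks like text left over from
# the failed attempt rather than a new failure; confirm before relying on it.
connect.simple_bind_s(
    "CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com",
    ldap_password,
)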
*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.simple_bind
=> diagnosticMessage: '80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839'
=> result:
5
*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.result4
((5, 1, -1, 0, 0, 0), {})
=> result:
(97, [], 5, [])
(97, [], 5, [])
>>>