Comment 5 for bug 1933109

For the record: I was trying to poke python-ldap directly (Keystone uses it under the hood):

=====

import ldap

invalid_ldap_password = 'qwe123'
ldap_password = 'abcdef'
connect = ldap.initialize('ldap://ldap.corp.com', trace_level=3)
connect.set_option(ldap.OPT_DEBUG_LEVEL, 255 )
connect.set_option(ldap.OPT_REFERRALS, 0)

======

# trying with invalid password

connect.simple_bind_s("CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com", invalid_ldap_password)

*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.result4
((4, 1, -1, 0, 0, 0), {})
=> LDAPError - INVALID_CREDENTIALS: {'desc': 'Invalid credentials', 'info': '80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839'}

# trying with valid password
connect.simple_bind_s("CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com", ldap_password)

*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.simple_bind
=> diagnosticMessage: '80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839'
=> result:
5
*** <ldap.ldapobject.SimpleLDAPObject object at 0x7f34252733d0> ldap://ldap.corp.com - SimpleLDAPObject.result4
((5, 1, -1, 0, 0, 0), {})
=> result:
(97, [], 5, [])
(97, [], 5, [])
>>>