bootstrapping keystone failed when LDAP backend is in use
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Won't Fix
|
Wishlist
|
Unassigned | ||
devstack |
Won't Fix
|
Wishlist
|
Unassigned |
Bug Description
"keystone-manage bootstrap" command is coded for SQL backend, it's should be okay if admin token is always supported by keystone, but we have a plan to remove the support of admin token since it's expose a security risk. And the patch to remove the support of write operation for LDAP backend is on the fly.
Based on the above consideration, we should enable the bootrapping keystone when using LDAP backend, but it currently not work sometimes, for example.
# keystone-manage bootstrap --bootstrap-
2016-10-27 16:26:29.845 11359 TRACE keystone return self.result(
2016-10-27 16:26:29.845 11359 TRACE keystone File "/usr/local/
2016-10-27 16:26:29.845 11359 TRACE keystone resp_type, resp_data, resp_msgid = self.result2(
2016-10-27 16:26:29.845 11359 TRACE keystone File "/usr/local/
2016-10-27 16:26:29.845 11359 TRACE keystone resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(
2016-10-27 16:26:29.845 11359 TRACE keystone File "/usr/local/
2016-10-27 16:26:29.845 11359 TRACE keystone resp_ctrl_
2016-10-27 16:26:29.845 11359 TRACE keystone File "/usr/local/
2016-10-27 16:26:29.845 11359 TRACE keystone ldap_result = self._ldap_
2016-10-27 16:26:29.845 11359 TRACE keystone File "/usr/local/
2016-10-27 16:26:29.845 11359 TRACE keystone result = func(*args,
2016-10-27 16:26:29.845 11359 TRACE keystone UNDEFINED_TYPE: {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'}
Changed in keystone: | |
assignee: | nobody → Dave Chen (wei-d-chen) |
status: | New → In Progress |
Changed in devstack: | |
importance: | Undecided → Wishlist |
patch is here: https:/ /review. openstack. org/#/c/ 395967/