OpenStack Identity (keystone)

Changing quota values from the dashboard fails with AD backend

Bug #1175768 reported by Manuel Silveyra on 2013-05-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Expired	Medium	Unassigned

Bug Description

We have a Folsom environment running with an Active Directory Keystone and when we try to modify a setting in the Admin->Projects->Modify Quotas we receive the following error:

Error: Unable to modify project "Default".

The only log file that seems to have anything related to this is /var/log/keystone/keystone.log with the following message:

2013-05-02 13:09:14 ERROR [root] {'info': '00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 0, v1db1', 'desc': 'Server is unwilling to perform'}
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 204, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 405, in update_tenant
    context, tenant_id, tenant)
  File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 47, in _wrapper
    return f(*args, **kw)
  File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 222, in update_tenant
    return self.tenant.update(tenant_id, tenant)
  File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 585, in update
    super(TenantApi, self).update(id, values, old_obj)
  File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 285, in update
    conn.modify_s(self._id_to_dn(id), modlist)
  File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 339, in modify_s
    return self.conn.modify_s(dn, ldap_modlist)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 336, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 436, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 440, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 446, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': '00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 0, v1db1', 'desc': 'Server is unwilling to perform'}

It is possible to set the quota from the CLI using the 'nova quota-update' command, and the changes made are reflected in the dashboard.

Tags:

Manuel Silveyra (silveyra) on 2013-05-02

affects:

ceilometer → keystone

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-06-07:

Hmm, I wouldn't expect a call to update tenant there. I'm curious if this is still the case in grizzly/master?

Changed in keystone:
status:	New → Triaged
importance:	Undecided → Medium

Revision history for this message

Dolph Mathews (dolph) wrote on 2014-04-04:

Is this still an issue?

tags:	added: ldap
Changed in keystone:
status:	Triaged → Incomplete

Revision history for this message

Brant Knudson (blk-u) wrote on 2014-04-07:

We'd have to see what the request looks like. I wonder if this is the same problem as https://bugs.launchpad.net/keystone/+bug/1282676 .

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-06-07:

[Expired for Keystone because there has been no activity for 60 days.]

Changed in keystone:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.