Keystone with LDAP/AD backend problem
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | New | Undecided | Adam Young |
Bug Description
When connecting to a Windows Active Directory server and having many DCs in the AD domain, Keystone seems to make a DNS request on domain.org and DomainDnsZones.
Here is the error from the keystone.log:
2013-10-02 17:35:09 DEBUG [keystone.
2013-10-02 17:35:10 ERROR [root] {'info': '00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}
Traceback (most recent call last):
File "/usr/lib/
result = method(context, **params)
File "/usr/lib/
user_list = self.identity_
File "/usr/lib/
return f(*args, **kw)
File "/usr/lib/
return self._set_
File "/usr/lib/
return super(EnabledEm
File "/usr/lib/
for x in self._ldap_
File "/usr/lib/
self.
File "/usr/lib/
res = self.conn.
File "/usr/lib/
return self.search_
File "/usr/lib/
return self.result(
File "/usr/lib/
res_
File "/usr/lib/
res_type, res_data, res_msgid, srv_ctrls = self.result3(
File "/usr/lib/
ldap_result = self._ldap_
File "/usr/lib/
result = func(*args,
OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}
----
keystone config
[ldap]
url = ldap://
user = cn=cloud apps,ou=special accounts,
password = <some password>
suffix = DC=domain,DC=org
# use_dumb_member = False
# allow_subtree_
# dumb_member = cn=dumb,
Also, I found that it seems to have a recursion bug in python-ldap. I found that bug request
Changed in keystone:
assignee: nobody → Adam Young (ayoung)