Comment 2 for bug 1381768

Here are a few details about this issue that may help anyone encountering it before a fix is available in an actual release:

This issue is only triggered if the LDAP simple paged results control is being used. The use of this control can be avoided by disabling paging in keystone. This is done as follows in keystone.conf:

-----------------
[ldap]
...
page_size=0
-----------------

Note that disabling paging may be problematic if you have a large number of users in your LDAP server, as you could encounter LDAP search limits when performing operations such as listing users in Keystone. An alternative workaround if paging support is needed is to downgrade python-ldap to 2.3.x until such time that a fix is made available for Keystone.