ldap and fernet token gives ValueError('badly formed hexadecimal UUID string')
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | New | Undecided | Unassigned |
Bug Description
When playing with some keystone deployment alternatives I stumbled on a keystone issue:
> 2015-05-27 12:11:52.946 57 DEBUG keystone.
> 2015-05-27 12:11:52.946 57 DEBUG keystone.
> 2015-05-27 12:11:52.946 57 DEBUG keystone.
> 2015-05-27 12:11:52.955 57 ERROR keystone.
> 2015-05-27 12:11:52.955 57 ERROR keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.955 57 TRACE keystone.
> 2015-05-27 12:11:52.958 57 INFO eventlet.
Switching to UUID tokens it works. Switching to SQL Identity backend and fernet tokens works.
The combination of LDAP identity backend and fernet tokens gives me the above log for any request with name/password. Reproducible always.
I have a very minimalistic "cloud" setup with only 2 or 3 docker containers. One with the SQL DB, one for Keystone and optionally one for LDAP.
I use Ubuntu 15.04 as base image for my containers that includes Kilo. I've patched keystone with the following changeset to make it work (with LDAP):
commit 2c6db4a3bb9e171
Author: Edmund Rhudy <email address hidden>
Date: Thu May 21 12:42:40 2015 -0400
Make sure LDAP filter is constructed correctly