When keystone is configured with ldap server as identity backend, if incorrect credentials were configured under [ldap] section [1] of domains conf file, then POST request on /v3/auth/tokens API with users in ldap is returning unexpected 500 error [0] with stacktrace[2] shown below.
Instead of unexpected error user should be given a proper message about invalid credentials configured.
[0]
{"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}}
[1]
[ldap]
url = ldap://9.9.9.9
user = cn=root
password = <<incorrect password>>
[2]Stacktrace:
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi [req-7b62d1db-64bd-4961-819e-0815bc355636 02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'}
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most recent call last):
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi result = method(req, **params)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, in list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi refs = self.identity_api.list_users(domain_scope=domain, hints=hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi ref_list = self._handle_federated_attributes_in_hints(driver, hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in _handle_federated_attributes_in_hints
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return driver.list_users(hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 88, in list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return self.user.get_all_filtered(hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 353, in get_all_filtered
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for user in self.get_all(query, hints)]
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 345, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi hints=hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1872, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return super(EnabledEmuMixIn, self).get_all(ldap_filter, hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1518, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for x in self._ldap_get_all(hints, ldap_filter)]
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/driver_hints.py", line 42, in wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, hints, *args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1474, in _ldap_get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi with self.get_connection() as conn:
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1280, in get_connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi conn.simple_bind_s(user, password)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 915, in simple_bind_s
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi clientctrls=clientctrls)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 762, in simple_bind_s
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi with self._get_pool_connection() as conn:
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib64/python2.7/contextlib.py", line 17, in __enter__
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return self.gen.next()
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 291, in connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi conn = self._get_connection(bind, passwd)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 244, in _get_connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi conn = self._create_connector(bind, passwd)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 221, in _create_connector
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi raise exc
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi
2017-04-20 09:09:13.177 12300 DEBUG keystone.middleware.auth [req-ab1bbb86-490f-44e9-9c34-57c24b6af1fb - - - - -] Authenticating user token process_request /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py:401
You should fix your keystone.conf. If you set incorrect password for database, or incorrect name for an identity backend, or incorrect value to any other option, nothing is going to work too. I think it is fine that it fails this way.