Comment 0 for bug 1527759

We recently upgraded from kilo.0 to kilo.2 in our dev environment and noticed that keystone tenant-list is always failing for the admin user.

Our config is as follows default domain is tied to read-only ldap (AD), a heat domain is created to use for trusts to handle the created heatstack users/passwords. Under kilo.0 everything was happy. UNder kilo0.2 we get the following error:

keystone tenant-list
The request you have made requires authentication. (HTTP 401) (Request-ID: req-d30289f0-778d-4577-8150-7ddd5438ad9c)

Looking at the differences between kilo.0 and kilo.2 it seems like: https://github.com/openstack/keystone/commit/9dfad21201251364c6d205e8e79813bfe78e6107 is the most likely culprit for this regression. However, I have not yet been able to test if reverting that change fixes the issue.