from:"Brian Seltzer"

[Yahoo-eng-team] [Bug 1319425] [NEW] keystone link not created in /etc/init.d

2014-05-14 Thread Brian Seltzer

Public bug reported:

On Ubuntu 14.04, when I install keystone (or any other Icehouse
service), no link is created in /etc/init.d.  The result is that command
completion doesn't work.  Normally, you can type service key (and hit
tab to complete the service name).  If I add the link by hand, ln -s
/lib/init/upstart-job keystone then this is fixed.  Is there a reason
these links are no longer being added during installation?  Note this
doesn't affect service control, I can still type service keystone status
or whatever, only the command completion is broken when the link is not
present.

** Affects: keystone
 Importance: Undecided
 Status: New


** Tags: icehouse keystone

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1319425

Title:
  keystone link not created in /etc/init.d

Status in OpenStack Identity (Keystone):
  New

Bug description:
  On Ubuntu 14.04, when I install keystone (or any other Icehouse
  service), no link is created in /etc/init.d.  The result is that
  command completion doesn't work.  Normally, you can type service key
  (and hit tab to complete the service name).  If I add the link by
  hand, ln -s /lib/init/upstart-job keystone then this is fixed.  Is
  there a reason these links are no longer being added during
  installation?  Note this doesn't affect service control, I can still
  type service keystone status or whatever, only the command completion
  is broken when the link is not present.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1319425/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1281216] [NEW] Keystone Havana Authentication Error using samAccountName in Active Directory

2014-02-17 Thread Brian Seltzer

Public bug reported:

When using Active Directory as the LDAP backend for Keystone, if I use
the cn attribute for user_id_attribute and user_name_attribute,
authentication works fine.  However, if I try to use samAccountName,
authentication fails.  For example, keystone user-list returns the
following error:

Authorization Failed: An unexpected error prevented the server from
fulfilling your request. 'name' (HTTP 500)

and the login screen in Horizon shows: An error occurred authenticating.
Please try again later.

Also, the following trace is shown in the keystone.log:

2014-02-17 06:48:37.472 8207 ERROR keystone.common.wsgi [-] 'name'
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi Traceback (most recent 
call last):
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi   File 
/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py, line 238, in 
__call__
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi result = 
method(context, **params)
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi   File 
/usr/lib/python2.7/dist-packages/keystone/token/controllers.py, line 127, in 
authenticate
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi auth_token_data, 
roles_ref=roles_ref, catalog_ref=catalog_ref)
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi   File 
/usr/lib/python2.7/dist-packages/keystone/common/manager.py, line 44, in 
_wrapper
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi return f(*args, 
**kw)
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi   File 
/usr/lib/python2.7/dist-packages/keystone/token/providers/uuid.py, line 362, 
in issue_v2_token
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi token_ref, 
roles_ref, catalog_ref)
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi   File 
/usr/lib/python2.7/dist-packages/keystone/token/providers/uuid.py, line 57, 
in format_token
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi 'name': 
user_ref['name'],
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi KeyError: 'name'
2014-02-17 06:48:37.472 8207 TRACE keystone.common.wsgi 
2014-02-17 06:48:37.474 8207 INFO access [-] 192.168.1.128 - - 
[17/Feb/2014:11:48:37 +] POST http://192.168.1.128:35357/v2.0/tokens 
HTTP/1.0 500 150

It appears that the user_ref has no 'name' property when I try to use
samAccountName.  This seems to have worked in Grizzly but does not work
in Havana.  Below are the applicable lines from the keystone.conf:

[ldap]
query_scope = sub
url = LDAP://192.168.1.253
user = CN=ldapuser,CN=Users,DC=mydomain,DC=net
password = ldapuserpassword
suffix = DC=mydomain,DC=net
use_dumb_member = True
dumb_member = CN=ldapuser,CN=Users,DC=mydomain,DC=net

user_tree_dn = CN=Users,DC=mydomain,DC=net
user_objectclass = organizationalPerson
user_id_attribute = samAccountName
user_name_attribute = samAccountName
user_mail_attribute = mail
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
user_attribute_ignore = password,tenant_id,tenants
user_allow_create = False
user_allow_update = False
user_allow_delete = False

tenant_tree_dn = OU=Projects,OU=OpenStack,DC=mydomain,DC=net
tenant_objectclass = organizationalUnit
tenant_id_attribute = ou
tenant_member_attribute = member
tenant_name_attribute = ou
tenant_desc_attribute = description
tenant_enabled_attribute = extensionName
tenant_attribute_ignore = description,businessCategory,extensionName
tenant_allow_create = True
tenant_allow_update = True
tenant_allow_delete = True

role_tree_dn = OU=Roles,OU=OpenStack,DC=mydomain,DC=net
role_objectclass = organizationalRole
role_id_attribute = cn
role_name_attribute = cn
role_member_attribute = roleOccupant
role_allow_create = True
role_allow_update = True
role_allow_delete = True

Again, if I change the user_id_attribute and the user_name_attribute to
cn then everything works fine.  Please advise.  Thanks!

** Affects: keystone
 Importance: Undecided
 Status: New


** Tags: active directory

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1281216

Title:
  Keystone Havana Authentication Error using samAccountName in Active
  Directory

Status in OpenStack Identity (Keystone):
  New

Bug description:
  When using Active Directory as the LDAP backend for Keystone, if I use
  the cn attribute for user_id_attribute and user_name_attribute,
  authentication works fine.  However, if I try to use samAccountName,
  authentication fails.  For example, keystone user-list returns the
  following error:

  Authorization Failed: An unexpected error prevented the server from
  fulfilling your request. 'name' (HTTP 500)

  and the login screen in Horizon shows: An error occurred
  authenticating. Please try again later.

  Also, the following trace is shown in the keystone.log:

  2014-02-17 06:48:37.472 8207 ERROR keystone.common.wsgi [-] 'name'
  2014-02-17

[Yahoo-eng-team] [Bug 1319425] [NEW] keystone link not created in /etc/init.d

[Yahoo-eng-team] [Bug 1281216] [NEW] Keystone Havana Authentication Error using samAccountName in Active Directory

2 matches

Site Navigation

Mail list logo

Footer information