[Yahoo-eng-team] [Bug 1480334] Re: can't use "$" in password for ldap authentication

2015-10-16 Thread Boris Bobrov
I'm marking this as invalid for keystone since it affects all components
that use oslo_config.

** Changed in: keystone
   Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1480334

Title:
  can't use "$" in password for ldap authentication

Status in Keystone:
  Invalid
Status in oslo.config:
  Won't Fix

Bug description:
  keystone can't connect to ldap server if "$" is used in password.

  keystone.tld.conf

  [identity]
  driver = keystone.identity.backends.ldap.Identity

  [assignment]
  driver = keystone.assignment.backends.sql.Assignment

  [ldap]
  url=ldap://172.16.56.46:389
  user=admin...@keystone.tld
  password=Pa$$w0rd
  suffix=dc=keystone,dc=tld
  query_scope = sub

  user_tree_dn=dc=keystone,dc=tld
  user_objectclass=person
  user_id_attribute=cn
  #user_name_attribute=userPrincipalName
  user_name_attribute=cn

  
  use_pool = true
  pool_size = 10
  pool_retry_max = 3
  pool_retry_delay = 0.1
  pool_connection_timeout = -1
  pool_connection_lifetime = 600

  
  use_auth_pool = true
  auth_pool_size = 100
  auth_pool_connection_lifetime = 60

  debug_level = 4095

  
  Debug from log:
  <15>Jul 31 14:00:04 node-1 keystone-all LDAP init: url=ldap://172.16.56.46:389
  <15>Jul 31 14:00:04 node-1 keystone-all LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1
  <15>Jul 31 14:00:04 node-1 keystone-all LDAP bind: who=CN=admin_ad,CN=Users,DC=keystone,DC=tld
  <15>Jul 31 14:00:04 node-1 keystone-all arg_dict: {}
  <14>Jul 31 14:00:04 node-1 keystone-all 192.168.0.2 - - [31/Jul/2015 14:00:04] "OPTIONS / HTTP/1.0" 300 919 0.143915
  <15>Jul 31 14:00:04 node-1 keystone-all arg_dict: {}
  <14>Jul 31 14:00:05 node-1 keystone-all 192.168.0.2 - - [31/Jul/2015 14:00:05] "OPTIONS / HTTP/1.0" 300 921 0.155419
  <11>Jul 31 14:00:05 node-1 keystone-all {'info': '80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}

  while I can connect to server with ldapsearch

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1480334/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp


[Yahoo-eng-team] [Bug 1480334] Re: can't use "$" in password for ldap authentication

2015-08-04 Thread Davanum Srinivas (DIMS)
You can use a \$ to prevent the expansion like so Pa\$\$w0rd or using
$$ like so pasw0rd

Thanks,
dims

** Changed in: oslo.config
   Status: New => Won't Fix

Status in Keystone:
  Triaged
Status in oslo.config:
  Won't Fix



[Yahoo-eng-team] [Bug 1480334] Re: can't use "$" in password for ldap authentication

2015-08-03 Thread Boris Bobrov
This is because of oslo_config's option value interpolation:
http://docs.openstack.org/developer/oslo.config/cfg.html#option-value-interpolation

This can be overridden by using $$ instead of $, but it would be great to
mark some options as not using the interpolation.

** Also affects: oslo.config
   Importance: Undecided
   Status: New

Status in Keystone:
  Triaged
Status in oslo.config:
  New

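
The interpolation behaviour discussed in this thread, as an added example that is not part of the original messages or of oslo.config's own code: Python's `string.Template` stands in for the option value interpolation, and the names `interpolate`, `escape` and `audit` and the sample file are constructed for illustration. It shows why `password=Pa$$w0rd` reaches the LDAP bind as a different string, and flags every option whose effective value differs from what was written.

```python
import configparser
from string import Template

# Constructed sample, based on the [ldap] section quoted in the bug report.
SAMPLE = """\
[ldap]
url = ldap://172.16.56.46:389
password = Pa$$w0rd
suffix = dc=keystone,dc=tld
"""


def interpolate(raw, known=None):
    """Model of the interpolation described in the thread (an assumption, not
    oslo.config itself): `$name` refers to another option, while `$$` and
    `\\$` both yield a literal `$`. Unknown references are left untouched."""
    value = raw.replace("\\$", "$$")
    return Template(value).safe_substitute(known or {})


def escape(secret):
    """Return the text to write in the file so the literal secret survives."""
    return secret.replace("$", "$$")


def audit(text):
    """Return (section, option, raw, effective) for every value that
    interpolation would change."""
    parser = configparser.RawConfigParser()  # read values without interpolation
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        options = dict(parser.items(section))
        for name, raw in options.items():
            effective = interpolate(raw, options)
            if effective != raw:
                findings.append((section, name, raw, effective))
    return findings


if __name__ == "__main__":
    for section, name, raw, effective in audit(SAMPLE):
        print(f"[{section}] {name}: written {raw!r}, used as {effective!r}")
    print("write instead:", escape("Pa$$w0rd"))
```
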