[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect

2017-07-03 Thread OpenStack Infra
Reviewed:  https://review.openstack.org/475929
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=91f3a2044bb45c29f9a5f771d21ed1c250116aee
Submitter: Jenkins
Branch:    master

commit 91f3a2044bb45c29f9a5f771d21ed1c250116aee
Author: Gage Hugo 
Date:   Tue Jun 20 16:13:33 2017 -0500

Clarify LDAP invalid credentials exception

This change catches the invalid credentials exception
when binding with LDAP and responds with a more clear error
message of "Invalid username or password" instead of just
supplying the default 500 error message.

Change-Id: I523dd816333ad76cde8f18ae0fa43040a4478524
Closes-Bug: #1684994


** Changed in: keystone
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1684994

Title:
  POST v3/auth/tokens API is returning unexpected 500 error when ldap
  credentials are incorrect

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  When keystone is configured with ldap server as identity backend, if
  incorrect credentials were configured under [ldap] section [1] of domains
  conf file, then POST request on /v3/auth/tokens API with users in ldap is
  returning unexpected 500 error [0] with stacktrace[2] shown below.
  Instead of unexpected error user should be given a proper message about
  invalid credentials configured.

  [0]
  {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}}

  [1]
  [ldap]
  url = ldap://9.9.9.9
  user = cn=root
  password = <>

  [2]Stacktrace:
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi [req-7b62d1db-64bd-4961-819e-0815bc355636 02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'}
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most recent call last):
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi result = method(req, **params)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, in list_users
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi refs = self.identity_api.list_users(domain_scope=domain, hints=hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in wrapper
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in wrapper
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in list_users
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi ref_list = self._handle_federated_attributes_in_hints(driver, hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in _handle_federated_attributes_in_hints
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return driver.list_users(hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 88, in list_users
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return self.user.get_all_filtered(hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 353, in get_all_filtered
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for user in self.get_all(query, hints)]
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 345, in get_all
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi hints=hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1872, in get_all
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return super(EnabledEmuMixIn, self).get_all(ldap_filter, hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1518, in get_all
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for x in self._ldap_get_all(hints, ldap_filter)]
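
The pattern the commit message describes, as an added example that is not keystone's code: the bind failure is caught where it happens, the operator log records the backend URL and bind DN, and the API body carries only the fixed message "Invalid username or password" with the 500 status the thread settles on. `InvalidCredentials` stands in for python-ldap's `ldap.INVALID_CREDENTIALS` so the block runs offline; `FakeDirectory`, `BackendCredentialsError`, `render`, the `translate` flag and the password values are hypothetical or constructed.

```python
import json
import logging

log = logging.getLogger("identity.ldap")

GENERIC_500 = ("An unexpected error prevented the server from "
               "fulfilling your request.")


class InvalidCredentials(Exception):
    """Stand-in for python-ldap's ldap.INVALID_CREDENTIALS (keeps this offline)."""


class BackendCredentialsError(Exception):
    """Hypothetical API error: the [ldap] service account could not bind."""
    code = 500
    title = "Internal Server Error"
    message = "Invalid username or password"  # wording from the commit message


class FakeDirectory:
    """Constructed LDAP stand-in that accepts exactly one bind DN/password."""

    def __init__(self, dn, password):
        self._accepted = (dn, password)

    def simple_bind_s(self, dn, password):
        if (dn, password) != self._accepted:
            raise InvalidCredentials({"desc": "Invalid credentials"})

    def search_s(self):
        return ["alice", "bob"]


def list_users(conn, conf, translate=True):
    """Bind with the configured service account, then list users."""
    try:
        conn.simple_bind_s(conf["user"], conf["password"])
    except InvalidCredentials as exc:
        if not translate:
            raise  # reported behaviour: surfaces as the generic 500 body
        # Operator log gets backend URL and bind DN, never the password.
        log.error("LDAP bind to %s as %s rejected: %s",
                  conf["url"], conf["user"], exc)
        raise BackendCredentialsError() from exc
    return conn.search_s()


def render(call):
    """Minimal API boundary: map outcomes to (status, JSON body)."""
    try:
        return 200, json.dumps({"users": call()})
    except BackendCredentialsError as exc:
        err = {"message": exc.message, "code": exc.code, "title": exc.title}
    except Exception:
        log.exception("unhandled error in request")
        err = {"message": GENERIC_500, "code": 500,
               "title": "Internal Server Error"}
    return err["code"], json.dumps({"error": err})


if __name__ == "__main__":
    directory = FakeDirectory("cn=root", "correct-horse")
    bad = {"url": "ldap://9.9.9.9", "user": "cn=root", "password": "wrong"}
    print(render(lambda: list_users(directory, bad, translate=False)))
    print(render(lambda: list_users(directory, bad)))
```
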
 

[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect

2017-04-28 Thread Matthew Edmonds
I don't think this is totally invalid. It's right to return a 500, but I
think we could improve the error message that goes with that. I.e., add
code to raise LDAPServerConnectionError once the bug Breton opened in
comment 6 is addressed.

** Changed in: keystone
   Status: Invalid => New


[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect

2017-04-28 Thread Boris Bobrov
We are now giving error code 500, and this is the correct code. 504 is
Gateway Timeout, which means that one server did not receive a timely
response from another server. There is a timely response, and the response
says that the server is misconfigured.

> but the error in the logs leaks information to user that keystone is
> configured with LDAP as identity backend

Logs are an ops-only thing. Users don't see logs, only operators do.

Sorry, I still believe current behavior is exactly what we want.

** Changed in: keystone
   Status: New => Invalid


[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect

2017-04-28 Thread Matthew Edmonds
That I would agree with.

** Changed in: keystone
   Status: Invalid => New


[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect

2017-04-21 Thread Boris Bobrov
You should fix your keystone.conf. If you set an incorrect password for
the database, or an incorrect name for an identity backend, or an incorrect
value for any other option, nothing is going to work either. I think it is
fine that it fails this way.

** Changed in: keystone
   Status: New => Invalid
