[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect
Reviewed: https://review.openstack.org/475929 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=91f3a2044bb45c29f9a5f771d21ed1c250116aee Submitter: Jenkins Branch:master commit 91f3a2044bb45c29f9a5f771d21ed1c250116aee Author: Gage HugoDate: Tue Jun 20 16:13:33 2017 -0500 Clarify LDAP invalid credentials exception This change catches the invalid credentials exception when binding with LDAP and responds with a more clear error message of "Invalid username or password" instead of just supplying the default 500 error message. Change-Id: I523dd816333ad76cde8f18ae0fa43040a4478524 Closes-Bug: #1684994 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1684994 Title: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect Status in OpenStack Identity (keystone): Fix Released Bug description: When keystone is configured with ldap server as identity backend, if incorrect credentials were configured under [ldap] section [1] of domains conf file, then POST request on /v3/auth/tokens API with users in ldap is returning unexpected 500 error [0] with stacktrace[2] shown below. Instead of unexpected error user should be given a proper message about invalid credentials configured. [0] {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} [1] [ldap] url = ldap://9.9.9.9 user = cn=root password = <> [2]Stacktrace: 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi [req-7b62d1db-64bd-4961-819e-0815bc355636 02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'} 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most recent call last): 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__ 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi result = method(req, **params) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi refs = self.identity_api.list_users(domain_scope=domain, hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi ref_list = self._handle_federated_attributes_in_hints(driver, hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in _handle_federated_attributes_in_hints 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return driver.list_users(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 88, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return self.user.get_all_filtered(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 353, in get_all_filtered 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for user in self.get_all(query, hints)] 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 345, in get_all
[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect
I don't think this is totally invalid. It's right to return a 500, but I think we could improve the error message that goes with that. I.e., add code to raise LDAPServerConnectionError once the bug Breton opened in comment 6 is addressed. ** Changed in: keystone Status: Invalid => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1684994 Title: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect Status in OpenStack Identity (keystone): New Bug description: When keystone is configured with ldap server as identity backend, if incorrect credentials were configured under [ldap] section [1] of domains conf file, then POST request on /v3/auth/tokens API with users in ldap is returning unexpected 500 error [0] with stacktrace[2] shown below. Instead of unexpected error user should be given a proper message about invalid credentials configured. [0] {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} [1] [ldap] url = ldap://9.9.9.9 user = cn=root password = <> [2]Stacktrace: 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi [req-7b62d1db-64bd-4961-819e-0815bc355636 02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'} 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most recent call last): 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__ 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi result = method(req, **params) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi refs = self.identity_api.list_users(domain_scope=domain, hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi ref_list = self._handle_federated_attributes_in_hints(driver, hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in _handle_federated_attributes_in_hints 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return driver.list_users(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 88, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return self.user.get_all_filtered(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 353, in get_all_filtered 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for user in self.get_all(query, hints)] 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 345, in get_all 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1872, in get_all 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return super(EnabledEmuMixIn, self).get_all(ldap_filter, hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect
We are now giving error code 500, and this is the correct code. 504 is Gateway Timeout, means that one server did not receive a timely response from another server. There is a timely response, and the response says that the server is mis configured. > but the error in the logs leaks information to user that keystone is configured with LDAP as identity backend Logs are ops-only thing. Users don't see logs, only operators do. Sorry, i still believe current behavior is exactly what we want. ** Changed in: keystone Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1684994 Title: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect Status in OpenStack Identity (keystone): Invalid Bug description: When keystone is configured with ldap server as identity backend, if incorrect credentials were configured under [ldap] section [1] of domains conf file, then POST request on /v3/auth/tokens API with users in ldap is returning unexpected 500 error [0] with stacktrace[2] shown below. Instead of unexpected error user should be given a proper message about invalid credentials configured. [0] {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} [1] [ldap] url = ldap://9.9.9.9 user = cn=root password = <> [2]Stacktrace: 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi [req-7b62d1db-64bd-4961-819e-0815bc355636 02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'} 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most recent call last): 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__ 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi result = method(req, **params) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi refs = self.identity_api.list_users(domain_scope=domain, hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi ref_list = self._handle_federated_attributes_in_hints(driver, hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in _handle_federated_attributes_in_hints 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return driver.list_users(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 88, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return self.user.get_all_filtered(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 353, in get_all_filtered 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for user in self.get_all(query, hints)] 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 345, in get_all 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect
That I would agree with. ** Changed in: keystone Status: Invalid => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1684994 Title: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect Status in OpenStack Identity (keystone): New Bug description: When keystone is configured with ldap server as identity backend, if incorrect credentials were configured under [ldap] section [1] of domains conf file, then POST request on /v3/auth/tokens API with users in ldap is returning unexpected 500 error [0] with stacktrace[2] shown below. Instead of unexpected error user should be given a proper message about invalid credentials configured. [0] {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} [1] [ldap] url = ldap://9.9.9.9 user = cn=root password = <> [2]Stacktrace: 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi [req-7b62d1db-64bd-4961-819e-0815bc355636 02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'} 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most recent call last): 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__ 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi result = method(req, **params) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi refs = self.identity_api.list_users(domain_scope=domain, hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi ref_list = self._handle_federated_attributes_in_hints(driver, hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in _handle_federated_attributes_in_hints 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return driver.list_users(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 88, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return self.user.get_all_filtered(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 353, in get_all_filtered 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for user in self.get_all(query, hints)] 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 345, in get_all 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1872, in get_all 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return super(EnabledEmuMixIn, self).get_all(ldap_filter, hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1518, in get_all 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for x in self._ldap_get_all(hints, ldap_filter)] 2017-04-20 09:09:08.304 12300 ERROR
[Yahoo-eng-team] [Bug 1684994] Re: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect
You should fix your keystone.conf. If you set incorrect password for database, or incorrect name for an identity backend, or incorrect value to any other option, nothing is going to work too. I think it is fine that it fails this way. ** Changed in: keystone Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1684994 Title: POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect Status in OpenStack Identity (keystone): Invalid Bug description: When keystone is configured with ldap server as identity backend, if incorrect credentials were configured under [ldap] section [1] of domains conf file, then POST request on /v3/auth/tokens API with users in ldap is returning unexpected 500 error [0] with stacktrace[2] shown below. Instead of unexpected error user should be given a proper message about invalid credentials configured. [0] {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} [1] [ldap] url = ldap://9.9.9.9 user = cn=root password = <> [2]Stacktrace: 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi [req-7b62d1db-64bd-4961-819e-0815bc355636 02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'} 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most recent call last): 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__ 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi result = method(req, **params) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi refs = self.identity_api.list_users(domain_scope=domain, hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in wrapper 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi ref_list = self._handle_federated_attributes_in_hints(driver, hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in _handle_federated_attributes_in_hints 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return driver.list_users(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 88, in list_users 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return self.user.get_all_filtered(hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 353, in get_all_filtered 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for user in self.get_all(query, hints)] 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 345, in get_all 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi hints=hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1872, in get_all 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return super(EnabledEmuMixIn, self).get_all(ldap_filter, hints) 2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File