Public bug reported:

"keystone-manage bootstrap" command is coded for the SQL backend. It
should be okay if admin token is always supported by keystone, but we
have a plan to remove the support of admin token since it exposes a
security risk. And the patch to remove the support of write operation
for LDAP backend is on the fly.

Based on the above consideration, we should enable bootstrapping
keystone when using the LDAP backend, but it currently does not work
sometimes, for example:


# keystone-manage bootstrap --bootstrap-username Dave --bootstrap-password abc123 --bootstrap-project-name admin --bootstrap-role-name admin

        2016-10-27 16:26:29.845 11359 TRACE keystone     return self.result(msgid,all=1,timeout=self.timeout)
        2016-10-27 16:26:29.845 11359 TRACE keystone   File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 497, in result
        2016-10-27 16:26:29.845 11359 TRACE keystone     resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
        2016-10-27 16:26:29.845 11359 TRACE keystone   File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 501, in result2
        2016-10-27 16:26:29.845 11359 TRACE keystone     resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
        2016-10-27 16:26:29.845 11359 TRACE keystone   File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 508, in result3
        2016-10-27 16:26:29.845 11359 TRACE keystone     resp_ctrl_classes=resp_ctrl_classes
        2016-10-27 16:26:29.845 11359 TRACE keystone   File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 515, in result4
        2016-10-27 16:26:29.845 11359 TRACE keystone     ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
        2016-10-27 16:26:29.845 11359 TRACE keystone   File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
        2016-10-27 16:26:29.845 11359 TRACE keystone     result = func(*args,**kwargs)
        2016-10-27 16:26:29.845 11359 TRACE keystone UNDEFINED_TYPE: {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'}

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1643301

Title:
  bootstrapping keystone failed when LDAP backend is in use

Status in OpenStack Identity (keystone):
  New
