You should fix your keystone.conf. If you set incorrect password for
database, or incorrect name for an identity backend, or incorrect value
to any other option, nothing is going to work too. I think it is fine
that it fails this way.
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1684994
Title:
POST v3/auth/tokens API is returning unexpected 500 error when ldap
credentials are incorrect
Status in OpenStack Identity (keystone):
Invalid
Bug description:
When keystone is configured with ldap server as identity backend, if
incorrect credentials were configured under [ldap] section [1] of domains conf
file, then POST request on /v3/auth/tokens API with users in ldap is returning
unexpected 500 error [0] with stacktrace[2] shown below.
Instead of unexpected error user should be given a proper message about
invalid credentials configured.
[0]
{"error": {"message": "An unexpected error prevented the server from
fulfilling your request.", "code": 500, "title": "Internal Server Error"}}
[1]
[ldap]
url = ldap://9.9.9.9
user = cn=root
password = <<incorrect password>>
[2]Stacktrace:
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi
[req-7b62d1db-64bd-4961-819e-0815bc355636
02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706
36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002
3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'}
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most
recent call last):
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in
__call__
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi result =
method(req, **params)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in
wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self,
request, filters, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230,
in list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi refs =
self.identity_api.list_users(domain_scope=domain, hints=hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in
wrapped
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi __ret_val =
__f(*args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in
wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self,
*args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in
wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self,
*args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in
list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi ref_list =
self._handle_federated_attributes_in_hints(driver, hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in
_handle_federated_attributes_in_hints
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return
driver.list_users(hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py",
line 88, in list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return
self.user.get_all_filtered(hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py",
line 353, in get_all_filtered
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for user in
self.get_all(query, hints)]
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py",
line 345, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi hints=hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py",
line 1872, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return
super(EnabledEmuMixIn, self).get_all(ldap_filter, hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py",
line 1518, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi for x in
self._ldap_get_all(hints, ldap_filter)]
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/common/driver_hints.py", line 42, in
wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return f(self,
hints, *args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py",
line 1474, in _ldap_get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi with
self.get_connection() as conn:
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py",
line 1280, in get_connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi
conn.simple_bind_s(user, password)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py",
line 915, in simple_bind_s
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi
clientctrls=clientctrls)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py",
line 762, in simple_bind_s
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi with
self._get_pool_connection() as conn:
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib64/python2.7/contextlib.py", line 17, in __enter__
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi return
self.gen.next()
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 291, in connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi conn =
self._get_connection(bind, passwd)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 244, in
_get_connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi conn =
self._create_connector(bind, passwd)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 221, in
_create_connector
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi raise exc
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi INVALID_CREDENTIALS:
{'desc': 'Invalid credentials'}
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi
2017-04-20 09:09:13.177 12300 DEBUG keystone.middleware.auth
[req-ab1bbb86-490f-44e9-9c34-57c24b6af1fb - - - - -] Authenticating user token
process_request
/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py:401
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1684994/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
