I should have said: This is on OpenStack Ocata, deployed with Fuel. On 20/4/17 2:41 pm, Gregory Orange wrote: > We have configured Keystone for LDAP authentication via the > domain_specific_drivers_enabled setting and a file keystone.<domain>.conf, > and by tcpdump and LDAP server logs it appears to be working to some degree. > That is, if the wrong credentials are entered, the response says so. However > with the correct credentials, we get: > > "An error occurred authenticating. Please try again later." > > I'm not sure which of the numerous log entries to post (especially with > various debug options enabled), but this seems relevant: > > 2017-04-20T06:00:09.845090+00:00 node-60 keystone-public: 2017-04-20 > 06:00:09.822 17411 ERROR keystone.common.wsgi > [req-12ca87a2-d790-4397-b703-7ff6ef11fcd1 - - - - -] 'options' > 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi Traceback (most > recent call last): > 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi File > "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 228, in > __call__ > 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi result = > method(req, **params) > 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi File > "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 132, in > authenticate_for_token > 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi > auth_context['user_id'], method_names_set): > 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi File > "/usr/lib/python2.7/dist-packages/keystone/auth/core.py", line 377, in > check_auth_methods_against_rules > 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi mfa_rules = > user_ref['options'].get(ro.MFA_RULES_OPT.option_name, []) > 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi KeyError: 'options' > > I haven't had much luck tracing through those Python files - I can't even see > how they relate to each other which suggests they are using function calls > from includes and I haven't traced that deeply. > > Can anyone help shed light on this?
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack