I should have said: This is on OpenStack Ocata, deployed with Fuel.

On 20/4/17 2:41 pm, Gregory Orange wrote:
> We have configured Keystone for LDAP authentication via the 
> domain_specific_drivers_enabled setting and a file keystone.<domain>.conf, 
> and by tcpdump and LDAP server logs it appears to be working to some degree. 
> That is, if the wrong credentials are entered, the response says so. However 
> with the correct credentials, we get:
> 
> "An error occurred authenticating. Please try again later."
> 
> I'm not sure which of the numerous log entries to post (especially with 
> various debug options enabled), but this seems relevant:
> 
> 2017-04-20T06:00:09.845090+00:00 node-60 keystone-public: 2017-04-20 
> 06:00:09.822 17411 ERROR keystone.common.wsgi 
> [req-12ca87a2-d790-4397-b703-7ff6ef11fcd1 - - - - -] 'options'
> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi Traceback (most 
> recent call last):
> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File 
> "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 228, in 
> __call__
> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     result = 
> method(req, **params)
> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File 
> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 132, in 
> authenticate_for_token
> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     
> auth_context['user_id'], method_names_set):
> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File 
> "/usr/lib/python2.7/dist-packages/keystone/auth/core.py", line 377, in 
> check_auth_methods_against_rules
> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     mfa_rules = 
> user_ref['options'].get(ro.MFA_RULES_OPT.option_name, [])
> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi KeyError: 'options'
> 
> I haven't had much luck tracing through those Python files - I can't even see 
> how they relate to each other which suggests they are using function calls 
> from includes and I haven't traced that deeply.
> 
> Can anyone help shed light on this?

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to