https://bugs.launchpad.net/keystone/+bug/1662762

I ran into this with an install of Ocata on ubuntu from packages (not using 
fuel). It sounds like you might be hitting this same issue. I was able to 
resolve it by grabbing core.py from the Ocata version of the fix for this bug 
and dropping it in place.

Hope that helps.

Kind regards,

-Chris

> On Apr 20, 2017, at 7:47 AM, Gregory Orange <gregory.ora...@pawsey.org.au> 
> wrote:
> 
> I should have said: This is on OpenStack Ocata, deployed with Fuel.
> 
>> On 20/4/17 2:41 pm, Gregory Orange wrote:
>> We have configured Keystone for LDAP authentication via the 
>> domain_specific_drivers_enabled setting and a file keystone.<domain>.conf, 
>> and by tcpdump and LDAP server logs it appears to be working to some degree. 
>> That is, if the wrong credentials are entered, the response says so. However 
>> with the correct credentials, we get:
>> 
>> "An error occurred authenticating. Please try again later."
>> 
>> I'm not sure which of the numerous log entries to post (especially with 
>> various debug options enabled), but this seems relevant:
>> 
>> 2017-04-20T06:00:09.845090+00:00 node-60 keystone-public: 2017-04-20 
>> 06:00:09.822 17411 ERROR keystone.common.wsgi 
>> [req-12ca87a2-d790-4397-b703-7ff6ef11fcd1 - - - - -] 'options'
>> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi Traceback (most 
>> recent call last):
>> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File 
>> "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 228, in 
>> __call__
>> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     result = 
>> method(req, **params)
>> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File 
>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 132, 
>> in authenticate_for_token
>> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     
>> auth_context['user_id'], method_names_set):
>> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File 
>> "/usr/lib/python2.7/dist-packages/keystone/auth/core.py", line 377, in 
>> check_auth_methods_against_rules
>> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     mfa_rules = 
>> user_ref['options'].get(ro.MFA_RULES_OPT.option_name, [])
>> 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi KeyError: 'options'
>> 
>> I haven't had much luck tracing through those Python files - I can't even 
>> see how they relate to each other which suggests they are using function 
>> calls from includes and I haven't traced that deeply.
>> 
>> Can anyone help shed light on this?
> 
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to