openstack team mailing list archive

Thread
Date
LDAP + Keystone,, Error after authentication..

To: openstack@xxxxxxxxxxxxxxxxxxx, openstack-community@xxxxxxxxxxxxxxxxxxx
From: yasith tharindu <yasithucsc@xxxxxxxxx>
Date: Tue, 11 Dec 2012 14:45:02 +0530
Hi Team;


I was trying to configure ldap + keystone but it seems not working.  I feel
like authentication is successful but horizon return me python error. Im
unable to trace as its does not give any detail.  Following I have attached
the error, ldap dump, keystone config. I would really appreciate if you can
note me down any configuration error.

My nova version is::   2012.2 (2012.2-LOCALBRANCH:LOCALREVISION)

If its wrong password it returns, "Invalid user name or password." When
type correct credentials but user not in the any of "Group" it return "You
are not authorized for any projects." When type correct credentials and the
user is a member of a group (eg: cn=demo,ou=Groups,dc=example,dc=com), It
returns following error.





################### The error ########################

KeyError at /auth/login/
'name'
Request Method: POST
Request URL: https://192.168.25.240/auth/login/
Django Version: 1.4.1
Exception Type: KeyError
Exception Value:
'name'
Exception Location: /usr/lib/python2.7/dist-packages/openstack_auth/user.py
in create_user_from_token, line 25
Python Executable: /usr/bin/python
Python Version: 2.7.3
Python Path:
['/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../..',
 '/usr/share/openstack-dashboard/openstack_dashboard',
 '/usr/lib/python2.7',
 '/usr/lib/python2.7/plat-linux2',
 '/usr/lib/python2.7/lib-tk',
 '/usr/lib/python2.7/lib-old',
 '/usr/lib/python2.7/lib-dynload',
 '/usr/local/lib/python2.7/dist-packages',
 '/usr/lib/python2.7/dist-packages',
 '/usr/lib/pymodules/python2.7',
 '/usr/share/openstack-dashboard/']


Environment:


Request Method: POST
Request URL: https://192.168.25.240/auth/login/

Django Version: 1.4.1
Python Version: 2.7.3
Installed Applications:
('openstack_dashboard',
 'django.contrib.contenttypes',
 'django.contrib.auth',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.humanize',
 'compressor',
 'horizon',
 'horizon.dashboards.nova',
 'horizon.dashboards.syspanel',
 'horizon.dashboards.settings',
 'openstack_auth')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'horizon.middleware.HorizonMiddleware',
 'django.middleware.doc.XViewMiddleware',
 'django.middleware.locale.LocaleMiddleware')


Traceback:
File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py" in
get_response
  111.                         response = callback(request, *callback_args,
**callback_kwargs)
File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in
sensitive_post_parameters_wrapper
  69.             return view(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in
_wrapped_view
  91.                     response = view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py" in
_wrapped_view_func
  89.         response = view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/openstack_auth/views.py" in login
  50.                        extra_context=extra_context)
File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in
sensitive_post_parameters_wrapper
  69.             return view(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in
_wrapped_view
  91.                     response = view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py" in
_wrapped_view_func
  89.         response = view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/contrib/auth/views.py" in
login
  36.         if form.is_valid():
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in is_valid
  124.         return self.is_bound and not bool(self.errors)
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in _get_errors
  115.             self.full_clean()
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in full_clean
  271.         self._clean_form()
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in _clean_form
  299.             self.cleaned_data = self.clean()
File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in
sensitive_variables_wrapper
  34.             return func(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/openstack_auth/forms.py" in clean
  57.                                            auth_url=region)
File "/usr/lib/python2.7/dist-packages/django/contrib/auth/__init__.py" in
authenticate
  45.             user = backend.authenticate(**credentials)
File "/usr/lib/python2.7/dist-packages/openstack_auth/backend.py" in
authenticate
  113.         user = create_user_from_token(request, token,
client.management_url)
File "/usr/lib/python2.7/dist-packages/openstack_auth/user.py" in
create_user_from_token
  25.                 tenant_name=token.tenant['name'],

Exception Type: KeyError at /auth/login/
Exception Value: 'name'




########################My LDAP dump #####################
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example
structuralObjectClass: organization


dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9cGgrencraEZDWlFDNmR2bmEyM2kyb2RVWXdsK0FlSWg=

dn: ou=Groups,dc=example,dc=com
ou: groups
objectClass: organizationalUnit



dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit


dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
dn: cn=yasith,ou=Users,dc=example,dc=com
cn: yasith
displayName: yasith
givenName: yasith
mail: yasith@xxxxxxxxxxx
objectClass: inetOrgPerson
objectClass: top
sn: yasith
uid: yasith
userPassword:: YWJjMTIz

dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: demo@xxxxxxxxxxx
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: YWJjMTIz

dn: cn=tharindu,ou=Users,dc=example,dc=com
cn: tharindu
displayName: tharindu
givenName: tharindu
mail: tharindu@xxxxxxxxxxx
objectClass: inetOrgPerson
objectClass: top
sn: tharindu
uid: tharindu
userPassword:: YWJjMTIz

dn: cn=demo,ou=Groups,dc=example,dc=com
cn: demo
member: cn=demo,ou=Users,dc=example,dc=com
member: cn=yasith,ou=Users,dc=example,dc=com
objectClass: groupOfNames


dn: cn=Member,ou=Roles,dc=example,dc=com
cn: member
description: Role associated with openstack users
objectClass: organizationalRole
roleOccupant: cn=demo,ou=Users,dc=example,dc=com





######### Keystone Config #######################################


[ldap]
url = ldap://10.100.0.10
tree_dn = dc=example,dc=com
user_tree_dn = ou=Users,dc=example,dc=com
role_tree_dn = ou=Roles,dc=example,dc=com
tenant_tree_dn = ou=Groups,dc=example,dc=com
user = cn=admin,dc=example,dc=com
password = admin123
suffix = cn=example,cn=com

[identity]
driver = keystone.identity.backends.ldap.Identity


[catalog]
driver = keystone.catalog.backends.sql.Catalog

[token]
driver = keystone.token.backends.sql.Token
Follow ups

Re: LDAP + Keystone,, Error after authentication..
From: Adam Young, 2012-12-11