← Back to team overview

openstack team mailing list archive

Re: LDAP + Keystone,, Error after authentication..

 

On 12/11/2012 04:15 AM, yasith tharindu wrote:
Hi Team;


I was trying to configure ldap + keystone but it seems not working. I feel like authentication is successful but horizon return me python error. Im unable to trace as its does not give any detail. Following I have attached the error, ldap dump, keystone config. I would really appreciate if you can note me down any configuration error.



My nova version is::   2012.2 (2012.2-LOCALBRANCH:LOCALREVISION)

If its wrong password it returns, "Invalid user name or password."
That sounds right


When type correct credentials but user not in the any of "Group" it return "You are not authorized for any projects."

Yes

When type correct credentials and the user is a member of a group (eg: cn=demo,ou=Groups,dc=example,dc=com), It returns following error.
It looks like some poor error handling in Horizon, to start. The Key error means token.tenant['name'] is not defined in the object. Which probably means that it doesn't have a real token or something. I'm guessing that token.tenant is None at this point.


Does it work from the Keystone CLI? Isolate your problem, is it Keystone, or is it Horizon.






################### The error ########################

KeyError at /auth/login/
'name'
Request Method:POST
Request URL:https://192.168.25.240/auth/login/
Django Version:1.4.1
Exception Type:KeyError
Exception Value:
'name'
Exception Location:/usr/lib/python2.7/dist-packages/openstack_auth/user.py in create_user_from_token, line 25
Python Executable:/usr/bin/python
Python Version:2.7.3
Python Path:
['/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../..',
 '/usr/share/openstack-dashboard/openstack_dashboard',
 '/usr/lib/python2.7',
 '/usr/lib/python2.7/plat-linux2',
 '/usr/lib/python2.7/lib-tk',
 '/usr/lib/python2.7/lib-old',
 '/usr/lib/python2.7/lib-dynload',
 '/usr/local/lib/python2.7/dist-packages',
 '/usr/lib/python2.7/dist-packages',
 '/usr/lib/pymodules/python2.7',
 '/usr/share/openstack-dashboard/']


Environment:


Request Method: POST
Request URL: https://192.168.25.240/auth/login/

Django Version: 1.4.1
Python Version: 2.7.3
Installed Applications:
('openstack_dashboard',
 'django.contrib.contenttypes',
 'django.contrib.auth',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.humanize',
 'compressor',
 'horizon',
 'horizon.dashboards.nova',
 'horizon.dashboards.syspanel',
 'horizon.dashboards.settings',
 'openstack_auth')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'horizon.middleware.HorizonMiddleware',
 'django.middleware.doc.XViewMiddleware',
 'django.middleware.locale.LocaleMiddleware')


Traceback:
File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response 111. response = callback(request, *callback_args, **callback_kwargs) File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in sensitive_post_parameters_wrapper
  69.             return view(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in _wrapped_view
  91.                     response = view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py" in _wrapped_view_func
  89.         response = view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/openstack_auth/views.py" in login
  50.                        extra_context=extra_context)
File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in sensitive_post_parameters_wrapper
  69.             return view(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in _wrapped_view
  91.                     response = view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py" in _wrapped_view_func
  89.         response = view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/contrib/auth/views.py" in login
  36.         if form.is_valid():
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in is_valid
  124.         return self.is_bound and not bool(self.errors)
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in _get_errors
  115.             self.full_clean()
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in full_clean
  271.         self._clean_form()
File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in _clean_form
  299.             self.cleaned_data = self.clean()
File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in sensitive_variables_wrapper
  34.             return func(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/openstack_auth/forms.py" in clean
  57.  auth_url=region)
File "/usr/lib/python2.7/dist-packages/django/contrib/auth/__init__.py" in authenticate
  45.             user = backend.authenticate(**credentials)
File "/usr/lib/python2.7/dist-packages/openstack_auth/backend.py" in authenticate 113. user = create_user_from_token(request, token, client.management_url) File "/usr/lib/python2.7/dist-packages/openstack_auth/user.py" in create_user_from_token
  25.                 tenant_name=token.tenant['name'],

Exception Type: KeyError at /auth/login/
Exception Value: 'name'




########################My LDAP dump #####################
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example
structuralObjectClass: organization


dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9cGgrencraEZDWlFDNmR2bmEyM2kyb2RVWXdsK0FlSWg=

dn: ou=Groups,dc=example,dc=com
ou: groups
objectClass: organizationalUnit



dn: ou=Users,dc=example,dc=com
ou: users
objectClass: organizationalUnit


dn: ou=Roles,dc=example,dc=com
ou: roles
objectClass: organizationalUnit
dn: cn=yasith,ou=Users,dc=example,dc=com
cn: yasith
displayName: yasith
givenName: yasith
mail: yasith@xxxxxxxxxxx <mailto:yasith@xxxxxxxxxxx>
objectClass: inetOrgPerson
objectClass: top
sn: yasith
uid: yasith
userPassword:: YWJjMTIz

dn: cn=demo,ou=Users,dc=example,dc=com
cn: demo
displayName: demo
givenName: demo
mail: demo@xxxxxxxxxxx <mailto:demo@xxxxxxxxxxx>
objectClass: inetOrgPerson
objectClass: top
sn: demo
uid: demo
userPassword:: YWJjMTIz

dn: cn=tharindu,ou=Users,dc=example,dc=com
cn: tharindu
displayName: tharindu
givenName: tharindu
mail: tharindu@xxxxxxxxxxx <mailto:tharindu@xxxxxxxxxxx>
objectClass: inetOrgPerson
objectClass: top
sn: tharindu
uid: tharindu
userPassword:: YWJjMTIz

dn: cn=demo,ou=Groups,dc=example,dc=com
cn: demo
member: cn=demo,ou=Users,dc=example,dc=com
member: cn=yasith,ou=Users,dc=example,dc=com
objectClass: groupOfNames


dn: cn=Member,ou=Roles,dc=example,dc=com
cn: member
description: Role associated with openstack users
objectClass: organizationalRole
roleOccupant: cn=demo,ou=Users,dc=example,dc=com





######### Keystone Config #######################################


[ldap]
url = ldap://10.100.0.10 <http://10.100.0.10>
tree_dn = dc=example,dc=com
user_tree_dn = ou=Users,dc=example,dc=com
role_tree_dn = ou=Roles,dc=example,dc=com
tenant_tree_dn = ou=Groups,dc=example,dc=com
user = cn=admin,dc=example,dc=com
password = admin123
suffix = cn=example,cn=com

[identity]
driver = keystone.identity.backends.ldap.Identity


[catalog]
driver = keystone.catalog.backends.sql.Catalog

[token]
driver = keystone.token.backends.sql.Token



_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


References