yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1316686] [NEW] ldap users unable to authenticate

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sarath Menon <1316686@xxxxxxxxxxxxxxxxxx>
Date: Tue, 06 May 2014 16:34:37 -0000
Reply-to: Bug 1316686 <1316686@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

We are running the latest keystone and see this in our logs for all ldap
users. Local authentication works, and the problem happened over the
last couple of weeks. Rolling back to a keystone from April 22nd works
for us. There have been a few ldap related commits since then, we are
trying to isolate the exact change which may be causing this.


2014-05-06 16:24:49,679 (keystone.common.ldap.core): DEBUG core unbind_s LDAP unbind
2014-05-06 16:24:49,679 (keystone.common.ldap.core): DEBUG core connect LDAP init: url=ldap://ldap.internal
2014-05-06 16:24:49,680 (keystone.common.ldap.core): DEBUG core connect LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1
2014-05-06 16:24:49,680 (keystone.common.wsgi): ERROR wsgi __call__ 'str' object has no attribute 'iteritems'
Traceback (most recent call last):
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in __call__
    result = method(context, **params)
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/token/controllers.py", line 98, in authenticate
    context, auth)
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/token/controllers.py", line 279, in _authenticate_local
    user_id, tenant_id)
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/token/controllers.py", line 358, in _get_project_roles_and_ref
    user_id, tenant_id)
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/core.py", line 180, in get_roles_for_user_and_project
    user_role_list = _get_user_project_roles(user_id, project_ref)
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/core.py", line 161, in _get_user_project_roles
    tenant_id=project_ref['id'])
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/identity/backends/isg_ldap_svcuser.py", line 164, in _get_metadata
    group_id=group_id)
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 123, in _get_metadata
    tenant_id)
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 93, in _get_roles_for_just_user_and_project
    (self.project._id_to_dn(tenant_id))
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 550, in get_role_assignments
    self.ldap_filter)
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 946, in _ldap_get_list
    six.iteritems(query_params)])))
  File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/six.py", line 498, in iteritems
    return iter(getattr(d, _iteritems)(**kw))
AttributeError: 'str' object has no attribute 'iteritems'

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1316686

Title:
  ldap users unable to authenticate

Status in OpenStack Identity (Keystone):
  New

Bug description:
  We are running the latest keystone and see this in our logs for all
  ldap users. Local authentication works, and the problem happened over
  the last couple of weeks. Rolling back to a keystone from April 22nd
  works for us. There have been a few ldap related commits since then,
  we are trying to isolate the exact change which may be causing this.

  
  2014-05-06 16:24:49,679 (keystone.common.ldap.core): DEBUG core unbind_s LDAP unbind
  2014-05-06 16:24:49,679 (keystone.common.ldap.core): DEBUG core connect LDAP init: url=ldap://ldap.internal
  2014-05-06 16:24:49,680 (keystone.common.ldap.core): DEBUG core connect LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1
  2014-05-06 16:24:49,680 (keystone.common.wsgi): ERROR wsgi __call__ 'str' object has no attribute 'iteritems'
  Traceback (most recent call last):
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in __call__
      result = method(context, **params)
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/token/controllers.py", line 98, in authenticate
      context, auth)
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/token/controllers.py", line 279, in _authenticate_local
      user_id, tenant_id)
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/token/controllers.py", line 358, in _get_project_roles_and_ref
      user_id, tenant_id)
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/core.py", line 180, in get_roles_for_user_and_project
      user_role_list = _get_user_project_roles(user_id, project_ref)
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/core.py", line 161, in _get_user_project_roles
      tenant_id=project_ref['id'])
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/identity/backends/isg_ldap_svcuser.py", line 164, in _get_metadata
      group_id=group_id)
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 123, in _get_metadata
      tenant_id)
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 93, in _get_roles_for_just_user_and_project
      (self.project._id_to_dn(tenant_id))
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 550, in get_role_assignments
      self.ldap_filter)
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 946, in _ldap_get_list
      six.iteritems(query_params)])))
    File "/usr/local/share-keystone.venv/lib/python2.6/site-packages/six.py", line 498, in iteritems
      return iter(getattr(d, _iteritems)(**kw))
  AttributeError: 'str' object has no attribute 'iteritems'

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1316686/+subscriptions
Follow ups

[Bug 1316686] Re: ldap users unable to authenticate
From: Launchpad Bug Tracker, 2014-07-06
[Bug 1316686] [NEW] ldap users unable to authenticate
From: Sarath Menon, 2014-05-06
References

[Bug 1316686] [NEW] ldap users unable to authenticate
From: Sarath Menon, 2014-05-06