yahoo-eng-team team mailing list archive

[Launchpad Bug Tracker <1274715@xxxxxxxxxxxxxxxxxx>]

[Expired for Keystone because there has been no activity for 60 days.]

** Changed in: keystone
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1274715

Title:
  LOG.debug not working in LDAP code

Status in OpenStack Identity (Keystone):
  Expired

Bug description:
  When I was first setting up a connection to LDAP via keystone I fought
  through some configuration issues. One of the first issues is that I
  had user_name_attribute incorrect so that it could not validate my
  specified user on a a request like "keystone user-list". Unfortunately
  when the failure scenario here happens, you get no useful logging,
  even with Debug and Verbose enabled. The only message available is:

  2014-01-30 21:41:45.461 9499 WARNING keystone.common.wsgi [-]
  Authorization failed. Could not find user, foo. from 10.33.0.17

  and from the CLI:

  root@test-03:~# keystone user-list
  Could not find user, foo. (HTTP 401)

  It's not even obvious from this that LDAP was used at all much less what the issue might be. I ended up adding my own logging and 
  once I dumped the query that get_by_name ends up calling the issue was obvious:

  (&(cn=foo)(objectClass=inetUser))

  Since in my case cn was incorrect.

  I've been digging some to see if I can add logging here without
  logging every query call without too much success, although I've not
  had a ton of time. If someone has a suggestion I'd be happy to work on
  it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1274715/+subscriptions