yahoo-eng-team team mailing list archive
Message #36422
[Bug 1480334] Re: can't use "$" in password for ldap authentication
This is because of oslo_config's option value interpolation:
http://docs.openstack.org/developer/oslo.config/cfg.html#option-value-interpolation
This can be overridden by using $$ instead of $, but it would be great to
mark some options as not using the interpolation.
** Also affects: oslo.config
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1480334
Title:
can't use "$" in password for ldap authentication
Status in Keystone:
Triaged
Status in oslo.config:
New
Bug description:
keystone can't connect to ldap server if "$" is used in password.
keystone.tld.conf
[identity]
driver = keystone.identity.backends.ldap.Identity
[assignment]
driver = keystone.assignment.backends.sql.Assignment
[ldap]
url=ldap://172.16.56.46:389
user=admin_ad@xxxxxxxxxxxx
password=Pa$$w0rd
suffix=dc=keystone,dc=tld
query_scope = sub
user_tree_dn=dc=keystone,dc=tld
user_objectclass=person
user_id_attribute=cn
#user_name_attribute=userPrincipalName
user_name_attribute=cn
use_pool = true
pool_size = 10
pool_retry_max = 3
pool_retry_delay = 0.1
pool_connection_timeout = -1
pool_connection_lifetime = 600
use_auth_pool = true
auth_pool_size = 100
auth_pool_connection_lifetime = 60
debug_level = 4095
Debug from log:
<15>Jul 31 14:00:04 node-1 keystone-all LDAP init: url=ldap://172.16.56.46:389
<15>Jul 31 14:00:04 node-1 keystone-all LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1
<15>Jul 31 14:00:04 node-1 keystone-all LDAP bind: who=CN=admin_ad,CN=Users,DC=keystone,DC=tld
<15>Jul 31 14:00:04 node-1 keystone-all arg_dict: {}
<14>Jul 31 14:00:04 node-1 keystone-all 192.168.0.2 - - [31/Jul/2015 14:00:04] "OPTIONS / HTTP/1.0" 300 919 0.143915
<15>Jul 31 14:00:04 node-1 keystone-all arg_dict: {}
<14>Jul 31 14:00:05 node-1 keystone-all 192.168.0.2 - - [31/Jul/2015 14:00:05] "OPTIONS / HTTP/1.0" 300 921 0.155419
<11>Jul 31 14:00:05 node-1 keystone-all {'info': '80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}
while I can connect to server with ldapsearch
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1480334/+subscriptions
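Added example, not part of the original message and not oslo.config's own code: a small model of the interpolation described in the comment above, showing which bind password the [ldap] section actually yields and how to write the value so it survives. It assumes the interpolation follows Python string.Template rules ($name, ${name}, and $$ for a literal $); the function names, host and DN are constructed for illustration.

```python
import configparser
from string import Template

# Constructed sample modelled on the [ldap] section in the report.
SAMPLE_CONF = """
[ldap]
url = ldap://192.0.2.10:389
user = cn=admin,dc=example,dc=test
password = Pa$$w0rd
"""


def interpolate(raw, options):
    """Simplified model of option value interpolation: $name and ${name}
    refer to another option, and $$ collapses to one literal $."""
    return Template(raw).safe_substitute(options)


def escape_literal(secret):
    """Form to write in the config file so the secret comes out unchanged."""
    return secret.replace("$", "$$")


def effective_value(conf_text, section, option):
    """Value the service would use after interpolation of the file text."""
    parser = configparser.RawConfigParser()  # raw: keep '$' exactly as written
    parser.read_string(conf_text)
    options = dict(parser.items(section))
    return interpolate(options[option], options)


def matches_intended(conf_text, section, option, intended):
    """Deploy-time check: does the rendered file yield the intended secret?
    Returns only a boolean so the secret is never echoed to logs."""
    return effective_value(conf_text, section, option) == intended


if __name__ == "__main__":
    intended = "Pa$$w0rd"
    # As written in the report: the bind uses a different password.
    print("as reported:", matches_intended(SAMPLE_CONF, "ldap", "password", intended))
    # With every '$' doubled, the intended password is recovered.
    fixed = SAMPLE_CONF.replace(intended, escape_literal(intended))
    print("escaped:    ", matches_intended(fixed, "ldap", "password", intended))
```

In this model the file as reported yields Pa$w0rd, which is consistent with the "Invalid credentials" error in the log, while the escaped form Pa$$$$w0rd yields the intended Pa$$w0rd.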