yahoo-eng-team team mailing list archive

[Bug 1480334] Re: can't use "$" in password for ldap authentication

 

I'm marking this as invalid for keystone since it affects all components
that use oslo_config.

** Changed in: keystone
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1480334

Title:
  can't use "$" in password for ldap authentication

Status in Keystone:
  Invalid
Status in oslo.config:
  Won't Fix

Bug description:
  keystone can't connect to the LDAP server if "$" is used in the password.

  keystone.tld.conf

  [identity]
  driver = keystone.identity.backends.ldap.Identity

  [assignment]
  driver = keystone.assignment.backends.sql.Assignment

  [ldap]
  url=ldap://172.16.56.46:389
  user=admin_ad@xxxxxxxxxxxx
  password=Pa$$w0rd
  suffix=dc=keystone,dc=tld
  query_scope = sub

  user_tree_dn=dc=keystone,dc=tld
  user_objectclass=person
  user_id_attribute=cn
  #user_name_attribute=userPrincipalName
  user_name_attribute=cn

  
  use_pool = true
  pool_size = 10
  pool_retry_max = 3
  pool_retry_delay = 0.1
  pool_connection_timeout = -1
  pool_connection_lifetime = 600

  
  use_auth_pool = true
  auth_pool_size = 100
  auth_pool_connection_lifetime = 60

  debug_level = 4095

  
  Debug from log:
  <15>Jul 31 14:00:04 node-1 keystone-all LDAP init: url=ldap://172.16.56.46:389
  <15>Jul 31 14:00:04 node-1 keystone-all LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1
  <15>Jul 31 14:00:04 node-1 keystone-all LDAP bind: who=CN=admin_ad,CN=Users,DC=keystone,DC=tld
  <15>Jul 31 14:00:04 node-1 keystone-all arg_dict: {}
  <14>Jul 31 14:00:04 node-1 keystone-all 192.168.0.2 - - [31/Jul/2015 14:00:04] "OPTIONS / HTTP/1.0" 300 919 0.143915
  <15>Jul 31 14:00:04 node-1 keystone-all arg_dict: {}
  <14>Jul 31 14:00:05 node-1 keystone-all 192.168.0.2 - - [31/Jul/2015 14:00:05] "OPTIONS / HTTP/1.0" 300 921 0.155419
  <11>Jul 31 14:00:05 node-1 keystone-all {'info': '80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}

  while I can connect to the server with ldapsearch

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1480334/+subscriptions
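
Added example, not part of the original bug report and not oslo.config's own code: oslo.config documents PEP 292 "$" substitution in option values, with "$$" as the escape for a literal "$", so the sketch below uses Python's string.Template as a stand-in to show what a password like the one in the report becomes on load and to list options whose value is altered. The sample file contents, host names and function names are constructed for illustration.

```python
import configparser
from string import Template

# Constructed sample mirroring the [ldap] section in the report (hosts are placeholders).
SAMPLE_CONF = """\
[ldap]
url = ldap://ldap.example.test:389
user = admin_ad@example.test
password = Pa$$w0rd
suffix = dc=keystone,dc=tld
"""


def effective_value(raw):
    """Value left after PEP 292 substitution when no references are defined."""
    # safe_substitute collapses "$$" to "$" and leaves unknown "$name" untouched.
    return Template(raw).safe_substitute()


def escape_literal(secret):
    """Form to write in the config file so the literal secret survives loading."""
    return secret.replace("$", "$$")


def altered_options(conf_text):
    """Return (section, option) pairs whose value changes under substitution.

    Only option names are returned so that secrets do not end up in audit output.
    """
    parser = configparser.RawConfigParser()  # no '%' interpolation of its own
    parser.read_string(conf_text)
    hits = []
    for section in parser.sections():
        for option, raw in parser.items(section):
            if effective_value(raw) != raw:
                hits.append((section, option))
    return hits


if __name__ == "__main__":
    for section, option in altered_options(SAMPLE_CONF):
        print(f"[{section}] {option}: value is altered by '$' substitution")
    print("write the literal secret as:", escape_literal("Pa$$w0rd"))
```

A value flagged here is not necessarily wrong: the check only shows that what is sent to the LDAP server differs from what is typed in the file, which matches the "Invalid credentials" bind failure in the log above.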

