yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #79055
[Bug 1834342] [NEW] LDAP authentication fails with UnicodeDecodeError
Public bug reported:
Running Keystone from OpenStack-Ansible 18.1.7 (i.e
openstack/keystone@00242bd1977de4b1be62aaae2b47853a534c4d32) with an
LDAP backend, I cannot authenticate with `openstack token issue`. My
username and password contain only ascii characters, but my full name
("Benoît Knecht") does contain non-ascii characters. The exception
thrown by Keystone is
```
Jun 26 13:01:31 controller-dc1r02n03-keystone-container-ef875a91 keystone-wsgi-public[613]: 2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi [req-44bb4719-a496-4ae0-9656-d446501a58a0 - - - - -] 'ascii' codec can't decode byte 0xc3 in position 22: ordinal not in range(128): UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 22: ordinal not in range(128)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi Traceback (most recent call last):
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/wsgi.py", line 148, in __call__
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi result = method(req, **params)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/auth/controllers.py", line 102, in authenticate_for_token
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi app_cred_id=app_cred_id, parent_audit_id=token_audit_id)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/token/provider.py", line 252, in issue_token
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi token.mint(token_id, issued_at)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/models/token_model.py", line 534, in mint
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi self._validate_project_scope()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/models/token_model.py", line 486, in _validate_project_scope
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi if self.project_scoped and not self.roles:
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/models/token_model.py", line 422, in roles
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi roles = self._get_project_roles()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/models/token_model.py", line 386, in _get_project_roles
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi self.user_id, self.project_id
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/cache/region.py", line 1270, in decorate
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi should_cache_fn)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/cache/region.py", line 864, in get_or_create
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi async_creator) as value:
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/lock.py", line 186, in __enter__
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return self._enter()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/lock.py", line 93, in _enter
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi generated = self._enter_create(value, createdtime)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/lock.py", line 179, in _enter_create
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return self.creator()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/cache/region.py", line 831, in gen_value
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi created_value = creator()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/cache/region.py", line 1266, in creator
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return fn(*arg, **kw)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/assignment/core.py", line 128, in get_roles_for_user_and_project
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi user_id=user_id, project_id=tenant_id, effective=True)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/assignment/core.py", line 1011, in list_role_assignments
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi strip_domain_roles)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/assignment/core.py", line 866, in _list_effective_role_assignments
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi group_ids = self._get_group_ids_for_user_id(user_id)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/assignment/core.py", line 87, in _get_group_ids_for_user_id
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi x in PROVIDERS.identity_api.list_groups_for_user(user_id)]
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/core.py", line 416, in wrapper
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/core.py", line 426, in wrapper
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/core.py", line 1316, in list_groups_for_user
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi ref_list = driver.list_groups_for_user(entity_id, hints)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 113, in list_groups_for_user
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return self.group.list_user_groups_filtered(user_dn, hints)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 426, in list_user_groups_filtered
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return self.get_all_filtered(hints, query)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 471, in get_all_filtered
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi for group in self.get_all(query, hints)]
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1564, in get_all
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi for x in self._ldap_get_all(hints, ldap_filter)]
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/driver_hints.py", line 42, in wrapper
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return f(self, hints, *args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1499, in _ldap_get_all
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi self.id_attr)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 22: ordinal not in range(128)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi
```
Users without non-ascii characters in their name are able to
authenticate just fine.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1834342
Title:
LDAP authentication fails with UnicodeDecodeError
Status in OpenStack Identity (keystone):
New
Bug description:
Running Keystone from OpenStack-Ansible 18.1.7 (i.e
openstack/keystone@00242bd1977de4b1be62aaae2b47853a534c4d32) with an
LDAP backend, I cannot authenticate with `openstack token issue`. My
username and password contain only ascii characters, but my full name
("Benoît Knecht") does contain non-ascii characters. The exception
thrown by Keystone is
```
Jun 26 13:01:31 controller-dc1r02n03-keystone-container-ef875a91 keystone-wsgi-public[613]: 2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi [req-44bb4719-a496-4ae0-9656-d446501a58a0 - - - - -] 'ascii' codec can't decode byte 0xc3 in position 22: ordinal not in range(128): UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 22: ordinal not in range(128)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi Traceback (most recent call last):
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/wsgi.py", line 148, in __call__
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi result = method(req, **params)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/auth/controllers.py", line 102, in authenticate_for_token
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi app_cred_id=app_cred_id, parent_audit_id=token_audit_id)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/token/provider.py", line 252, in issue_token
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi token.mint(token_id, issued_at)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/models/token_model.py", line 534, in mint
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi self._validate_project_scope()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/models/token_model.py", line 486, in _validate_project_scope
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi if self.project_scoped and not self.roles:
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/models/token_model.py", line 422, in roles
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi roles = self._get_project_roles()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/models/token_model.py", line 386, in _get_project_roles
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi self.user_id, self.project_id
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/cache/region.py", line 1270, in decorate
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi should_cache_fn)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/cache/region.py", line 864, in get_or_create
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi async_creator) as value:
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/lock.py", line 186, in __enter__
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return self._enter()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/lock.py", line 93, in _enter
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi generated = self._enter_create(value, createdtime)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/lock.py", line 179, in _enter_create
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return self.creator()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/cache/region.py", line 831, in gen_value
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi created_value = creator()
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/dogpile/cache/region.py", line 1266, in creator
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return fn(*arg, **kw)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/assignment/core.py", line 128, in get_roles_for_user_and_project
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi user_id=user_id, project_id=tenant_id, effective=True)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/assignment/core.py", line 1011, in list_role_assignments
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi strip_domain_roles)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/assignment/core.py", line 866, in _list_effective_role_assignments
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi group_ids = self._get_group_ids_for_user_id(user_id)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/assignment/core.py", line 87, in _get_group_ids_for_user_id
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi x in PROVIDERS.identity_api.list_groups_for_user(user_id)]
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/core.py", line 416, in wrapper
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/core.py", line 426, in wrapper
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/core.py", line 1316, in list_groups_for_user
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi ref_list = driver.list_groups_for_user(entity_id, hints)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 113, in list_groups_for_user
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return self.group.list_user_groups_filtered(user_dn, hints)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 426, in list_user_groups_filtered
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return self.get_all_filtered(hints, query)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 471, in get_all_filtered
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi for group in self.get_all(query, hints)]
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1564, in get_all
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi for x in self._ldap_get_all(hints, ldap_filter)]
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/common/driver_hints.py", line 42, in wrapper
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi return f(self, hints, *args, **kwargs)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.7.dev28/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1499, in _ldap_get_all
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi self.id_attr)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 22: ordinal not in range(128)
2019-06-26 13:01:31.155 613 ERROR keystone.common.wsgi
```
Users without non-ascii characters in their name are able to
authenticate just fine.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1834342/+subscriptions
