yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #82654
[Bug 1878929] [NEW] LDAP user issue
Public bug reported:
Hi,
We have a rocky setup in which we have integrated our LDAP with
keystone. All LDAP users are able to log into horizon without any issues
except for one user. He is a LDAP member but when tries logging into
horizon, we are observing the following errors in the keystone log:
--------------------
May 15 07:43:39 c1w-keystone-container-d7c676b4 keystone-wsgi-public[17692]: 2020-05-15 07:43:39.362 17692 WARNING py.warnings [req-38586df4-b1f2-4443-a5b4-208d76e241e8 9ca30f42033f4e93b72f9be304f66726 e12b8e37797b4fbf8d0d6b28d4b61848 - default default] /openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/oslo_policy/policy.py:896: UserWarning: Policy identity:list_domains failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
May 15 07:43:39 c1w-keystone-container-d7c676b4 uwsgi[17682]: [pid: 17692|app: 0|req: 9761/156161] 172.29.239.225 () {42 vars in 750 bytes} [Fri May 15 07:43:39 2020] GET /v3/domains?name=example.com => generated 348 bytes in 49 msecs (HTTP/1.1 200) 5 headers in 177 bytes (1 switches on core 0)
May 15 07:43:39 c1w-keystone-container-d7c676b4 keystone-wsgi-public[17697]: 2020-05-15 07:43:39.603 17697 INFO keystone.common.wsgi [req-988f0421-6720-460a-a976-6db5ed2f2ba6 9ca30f42033f4e93b72f9be304f66726 e12b8e37797b4fbf8d0d6b28d4b61848 - default default] GET http://wtl-int.example.cloud:5000/v3/users/eb32979cbb97bc64051b32290186dc0a0cd583bd8f54c18879ca2543fca40b20/projects?domain_id=f7834cb0083b4f8f81184b6595b46b34
May 15 07:43:39 c1w-keystone-container-d7c676b4 keystone-wsgi-public[17697]: 2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi [req-988f0421-6720-460a-a976-6db5ed2f2ba6 9ca30f42033f4e93b72f9be304f66726 e12b8e37797b4fbf8d0d6b28d4b61848 - default default] 'ascii' codec can't decode byte 0xc3 in position 27: ordinal not in range(128): UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 27: ordinal not in range(128)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi Traceback (most recent call last):
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/wsgi.py", line 148, in __call__
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi result = method(req, **params)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/controller.py", line 103, in wrapper
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 50, in list_user_projects
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi refs = PROVIDERS.assignment_api.list_projects_for_user(user_id)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/cache/region.py", line 1270, in decorate
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi should_cache_fn)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/cache/region.py", line 864, in get_or_create
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi async_creator) as value:
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/lock.py", line 186, in __enter__
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return self._enter()
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/lock.py", line 93, in _enter
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi generated = self._enter_create(value, createdtime)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/lock.py", line 179, in _enter_create
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return self.creator()
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/cache/region.py", line 831, in gen_value
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi created_value = creator()
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/cache/region.py", line 1266, in creator
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return fn(*arg, **kw)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/core.py", line 236, in list_projects_for_user
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi user_id=user_id, effective=True)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/core.py", line 1011, in list_role_assignments
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi strip_domain_roles)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/core.py", line 866, in _list_effective_role_assignments
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi group_ids = self._get_group_ids_for_user_id(user_id)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/core.py", line 87, in _get_group_ids_for_user_id
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi x in PROVIDERS.identity_api.list_groups_for_user(user_id)]
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/core.py", line 416, in wrapper
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/core.py", line 426, in wrapper
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/core.py", line 1316, in list_groups_for_user
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi ref_list = driver.list_groups_for_user(entity_id, hints)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 113, in list_groups_for_user
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return self.group.list_user_groups_filtered(user_dn, hints)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 426, in list_user_groups_filtered
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return self.get_all_filtered(hints, query)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 471, in get_all_filtered
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi for group in self.get_all(query, hints)]
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1564, in get_all
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi for x in self._ldap_get_all(hints, ldap_filter)]
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/driver_hints.py", line 42, in wrapper
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return f(self, hints, *args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1499, in _ldap_get_all
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi self.id_attr)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 27: ordinal not in range(128)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi
----------------------------------
Is this a known issue ? Please help with this issue.
Thanks
Kumar
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1878929
Title:
LDAP user issue
Status in OpenStack Identity (keystone):
New
Bug description:
Hi,
We have a rocky setup in which we have integrated our LDAP with
keystone. All LDAP users are able to log into horizon without any
issues except for one user. He is a LDAP member but when tries logging
into horizon, we are observing the following errors in the keystone
log:
--------------------
May 15 07:43:39 c1w-keystone-container-d7c676b4 keystone-wsgi-public[17692]: 2020-05-15 07:43:39.362 17692 WARNING py.warnings [req-38586df4-b1f2-4443-a5b4-208d76e241e8 9ca30f42033f4e93b72f9be304f66726 e12b8e37797b4fbf8d0d6b28d4b61848 - default default] /openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/oslo_policy/policy.py:896: UserWarning: Policy identity:list_domains failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
May 15 07:43:39 c1w-keystone-container-d7c676b4 uwsgi[17682]: [pid: 17692|app: 0|req: 9761/156161] 172.29.239.225 () {42 vars in 750 bytes} [Fri May 15 07:43:39 2020] GET /v3/domains?name=example.com => generated 348 bytes in 49 msecs (HTTP/1.1 200) 5 headers in 177 bytes (1 switches on core 0)
May 15 07:43:39 c1w-keystone-container-d7c676b4 keystone-wsgi-public[17697]: 2020-05-15 07:43:39.603 17697 INFO keystone.common.wsgi [req-988f0421-6720-460a-a976-6db5ed2f2ba6 9ca30f42033f4e93b72f9be304f66726 e12b8e37797b4fbf8d0d6b28d4b61848 - default default] GET http://wtl-int.example.cloud:5000/v3/users/eb32979cbb97bc64051b32290186dc0a0cd583bd8f54c18879ca2543fca40b20/projects?domain_id=f7834cb0083b4f8f81184b6595b46b34
May 15 07:43:39 c1w-keystone-container-d7c676b4 keystone-wsgi-public[17697]: 2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi [req-988f0421-6720-460a-a976-6db5ed2f2ba6 9ca30f42033f4e93b72f9be304f66726 e12b8e37797b4fbf8d0d6b28d4b61848 - default default] 'ascii' codec can't decode byte 0xc3 in position 27: ordinal not in range(128): UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 27: ordinal not in range(128)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi Traceback (most recent call last):
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/wsgi.py", line 148, in __call__
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi result = method(req, **params)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/controller.py", line 103, in wrapper
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 50, in list_user_projects
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi refs = PROVIDERS.assignment_api.list_projects_for_user(user_id)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/cache/region.py", line 1270, in decorate
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi should_cache_fn)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/cache/region.py", line 864, in get_or_create
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi async_creator) as value:
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/lock.py", line 186, in __enter__
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return self._enter()
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/lock.py", line 93, in _enter
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi generated = self._enter_create(value, createdtime)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/lock.py", line 179, in _enter_create
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return self.creator()
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/cache/region.py", line 831, in gen_value
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi created_value = creator()
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/dogpile/cache/region.py", line 1266, in creator
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return fn(*arg, **kw)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/core.py", line 236, in list_projects_for_user
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi user_id=user_id, effective=True)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/core.py", line 1011, in list_role_assignments
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi strip_domain_roles)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/core.py", line 866, in _list_effective_role_assignments
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi group_ids = self._get_group_ids_for_user_id(user_id)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/assignment/core.py", line 87, in _get_group_ids_for_user_id
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi x in PROVIDERS.identity_api.list_groups_for_user(user_id)]
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/core.py", line 416, in wrapper
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/core.py", line 426, in wrapper
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/core.py", line 1316, in list_groups_for_user
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi ref_list = driver.list_groups_for_user(entity_id, hints)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 113, in list_groups_for_user
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return self.group.list_user_groups_filtered(user_dn, hints)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 426, in list_user_groups_filtered
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return self.get_all_filtered(hints, query)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", line 471, in get_all_filtered
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi for group in self.get_all(query, hints)]
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1564, in get_all
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi for x in self._ldap_get_all(hints, ldap_filter)]
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/common/driver_hints.py", line 42, in wrapper
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi return f(self, hints, *args, **kwargs)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi File "/openstack/venvs/keystone-18.1.9/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 1499, in _ldap_get_all
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi self.id_attr)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 27: ordinal not in range(128)
2020-05-15 07:43:39.625 17697 ERROR keystone.common.wsgi
----------------------------------
Is this a known issue ? Please help with this issue.
Thanks
Kumar
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1878929/+subscriptions
