yahoo-eng-team team mailing list archive

[Bug 1933109] Re: Non-Latin character in base DN results in backend initialization failure: ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)

 

I browsed the current Keystone code, issues and open reviews, and I
believe this issue is still in Keystone and there is no review that
attempted to address this, not even an abandoned one.

There are other reviews around Keystone, LDAP and non-ASCII chars but
not regarding teaching the encoding to oslo.config.

This comment [0] looks like a promising solution and we may want to give
it a try.

Adding Keystone as affected project to this bug. This is probably a
duplicate of lp:1641026

[0] https://bugs.launchpad.net/keystone/+bug/1641026/comments/6


** Also affects: keystone
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1933109

Title:
  Non-Latin character in base DN results in backend initialization
  failure: ERROR 'ascii' codec can't decode byte 0xd0 in position 94:
  ordinal not in range(128)

Status in OpenStack Keystone LDAP integration:
  Triaged
Status in OpenStack Identity (keystone):
  New

Bug description:
  == Steps to reproduce
  Deploy a keystone-ldap charm and provide the following ldap-user DN: "CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com"

  == Problem statement

  cloud: focal-ussuri, latest stable charms

  The project I'm working on has an LDAP integration, and I've been
  given the following base DN: "CN=openstack openstack,OU=Технологические
  пользователи,OU=Users,DC=corp,DC=com", which I'm supplying as the
  ldap-user option of the keystone-ldap charm.

  If I remove the non-Latin OU part, Keystone tries to authenticate
  but fails, complaining about invalid bind credentials. Then, if I
  put the "OU=Технологические пользователи" part back, the following
  occurs in keystone.log:

  (keystone.server.flask.request_processing.middleware.auth_context): 2021-06-21 12:23:11,146 ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
  Traceback (most recent call last):
    File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 103, in _inner
      return method(self, request)
    File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 358, in process_request
      resp = super(AuthContextMiddleware, self).process_request(request)
    File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 409, in process_request
      data, user_auth_ref = self._do_fetch_token(
    File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 445, in _do_fetch_token
      data = self.fetch_token(token, **kwargs)
    File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 252, in fetch_token
      self.token = self.token_provider_api.validate_token(
    File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
      __ret_val = __f(*args, **kwargs)
    File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 145, in validate_token
      token = self._validate_token(token_id)
    File "<decorator-gen-26>", line 2, in _validate_token
    File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 1359, in get_or_create_for_user_func
      return self.get_or_create(
    File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 957, in get_or_create
      with Lock(
    File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 187, in __enter__
      return self._enter()
    File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 94, in _enter
      generated = self._enter_create(value, createdtime)
    File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 180, in _enter_create
      return self.creator()
    File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 915, in gen_value
      created_value = creator(
    File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 179, in _validate_token
      token.mint(token_id, issued_at)
    File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 580, in mint
      self._validate_token_user()
    File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 503, in _validate_token_user
      if not self.user_domain.get('enabled'):
    File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 139, in user_domain
      if self.user:
    File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 133, in user
      self.__user = PROVIDERS.identity_api.get_user(self.user_id)
    File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
      __ret_val = __f(*args, **kwargs)
    File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 412, in wrapper
      self.domain_configs.setup_domain_drivers(
    File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 306, in setup_domain_drivers
      self._setup_domain_drivers_from_files(standard_driver,
    File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 159, in _setup_domain_drivers_from_files
      self._load_config_from_file(
    File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 125, in _load_config_from_file
      domain_config['cfg'](args=[], project='keystone',
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2131, in __call__
      self._namespace = self._parse_cli_opts(args if args is not None
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2897, in _parse_cli_opts
      return self._parse_config_files()
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2914, in _parse_config_files
      ConfigParser._parse_file(config_file, namespace)
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 1604, in _parse_file
      parser.parse()
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 1559, in parse
      return super(ConfigParser, self).parse(f.readlines())
    File "/usr/lib/python3.8/encodings/ascii.py", line 26, in decode
      return codecs.ascii_decode(input, self.errors)[0]
  UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
  (keystone.server.flask.request_processing.middleware.auth_context): 2021-06-21 12:23:14,525 ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)

  Apparently, it's trying to read the domain config and something goes
  wrong at this step (as there's not even an authentication attempt
  being made).

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-keystone-ldap/+bug/1933109/+subscriptions
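
The failure mode in the traceback, as an added example that is not code from Keystone, oslo.config or the bug report: a UTF-8 config file containing the DN above is read in text mode once with the ASCII codec and once with UTF-8, and the first non-ASCII byte is located. Assumptions: the ASCII locale default is simulated by passing `encoding="ascii"` explicitly, the `[ldap]` section content and URL are constructed, and the function names are hypothetical.

```python
import locale
import os
import tempfile

# Constructed domain config; the DN is the one quoted in the bug description.
SAMPLE_CONF = (
    "[ldap]\n"
    "url = ldap://ldap.example.com\n"
    "user = CN=openstack openstack,OU=Технологические пользователи,"
    "OU=Users,DC=corp,DC=com\n"
)

def first_non_ascii(path):
    """Return (offset, byte) of the first non-ASCII byte in path, or None."""
    with open(path, "rb") as f:
        data = f.read()
    for offset, byte in enumerate(data):
        if byte > 0x7F:
            return offset, byte
    return None

def check_config(path):
    """Report how path decodes under ASCII and UTF-8 in text mode."""
    result = {
        "first_non_ascii": first_non_ascii(path),
        # Codec Python picks for open() when no encoding is passed.
        "locale_encoding": locale.getpreferredencoding(False),
    }
    for enc in ("ascii", "utf-8"):
        try:
            with open(path, encoding=enc) as f:
                f.readlines()  # same call that fails in the traceback
            result[enc] = "ok"
        except UnicodeDecodeError as exc:
            result[enc] = exc.reason
    return result

def demo():
    """Write the constructed config as UTF-8 bytes and check it."""
    with tempfile.NamedTemporaryFile("wb", suffix=".conf", delete=False) as f:
        f.write(SAMPLE_CONF.encode("utf-8"))
    try:
        return check_config(f.name)
    finally:
        os.unlink(f.name)

if __name__ == "__main__":
    print(demo())
```

If `locale_encoding` reports an ASCII codec for the service's environment, any text-mode read that does not pass an explicit encoding will fail on this file in the same way.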