yahoo-eng-team team mailing list archive
Message #86448
[Bug 1933109] Re: Non-Latin character in base DN results in backend initialization failure: ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
** Changed in: charm-keystone
Status: Fix Committed => Fix Released
** Changed in: charm-keystone
Milestone: None => 21.04
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1933109
Title:
Non-Latin character in base DN results in backend initialization
failure: ERROR 'ascii' codec can't decode byte 0xd0 in position 94:
ordinal not in range(128)
Status in OpenStack keystone charm:
Fix Released
Status in OpenStack Keystone LDAP integration:
Invalid
Status in OpenStack Identity (keystone):
Invalid
Bug description:
== Steps to reproduce
Deploy a keystone-ldap charm and provide the following ldap-user DN: "CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com"
== Problem statement
cloud: focal-ussuri, latest stable charms
The project I'm working on has an LDAP integration, and I've been
given the following base DN: "CN=openstack openstack,OU=Технологические
пользователи,OU=Users,DC=corp,DC=com", which I'm supplying as the
ldap-user option of the keystone-ldap charm.
If I remove the non-Latin OU part, Keystone tries to
authenticate but fails, complaining about invalid bind credentials.
Then, if I put the "OU=Технологические пользователи" part back,
the following occurs in keystone.log:
(keystone.server.flask.request_processing.middleware.auth_context): 2021-06-21 12:23:11,146 ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 103, in _inner
    return method(self, request)
  File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 358, in process_request
    resp = super(AuthContextMiddleware, self).process_request(request)
  File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 409, in process_request
    data, user_auth_ref = self._do_fetch_token(
  File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 445, in _do_fetch_token
    data = self.fetch_token(token, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 252, in fetch_token
    self.token = self.token_provider_api.validate_token(
  File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
    __ret_val = __f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 145, in validate_token
    token = self._validate_token(token_id)
  File "<decorator-gen-26>", line 2, in _validate_token
  File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 1359, in get_or_create_for_user_func
    return self.get_or_create(
  File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 957, in get_or_create
    with Lock(
  File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 187, in __enter__
    return self._enter()
  File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 94, in _enter
    generated = self._enter_create(value, createdtime)
  File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 180, in _enter_create
    return self.creator()
  File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 915, in gen_value
    created_value = creator(
  File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 179, in _validate_token
    token.mint(token_id, issued_at)
  File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 580, in mint
    self._validate_token_user()
  File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 503, in _validate_token_user
    if not self.user_domain.get('enabled'):
  File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 139, in user_domain
    if self.user:
  File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 133, in user
    self.__user = PROVIDERS.identity_api.get_user(self.user_id)
  File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
    __ret_val = __f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 412, in wrapper
    self.domain_configs.setup_domain_drivers(
  File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 306, in setup_domain_drivers
    self._setup_domain_drivers_from_files(standard_driver,
  File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 159, in _setup_domain_drivers_from_files
    self._load_config_from_file(
  File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 125, in _load_config_from_file
    domain_config['cfg'](args=[], project='keystone',
  File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2131, in __call__
    self._namespace = self._parse_cli_opts(args if args is not None
  File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2897, in _parse_cli_opts
    return self._parse_config_files()
  File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2914, in _parse_config_files
    ConfigParser._parse_file(config_file, namespace)
  File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 1604, in _parse_file
    parser.parse()
  File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 1559, in parse
    return super(ConfigParser, self).parse(f.readlines())
  File "/usr/lib/python3.8/encodings/ascii.py", line 26, in decode
    return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
(keystone.server.flask.request_processing.middleware.auth_context): 2021-06-21 12:23:14,525 ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
Apparently, it's trying to read the domain config and something goes
wrong at this step (as there's not even an authentication attempt being
made).
To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-keystone/+bug/1933109/+subscriptions
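
The decode failure at the bottom of the traceback above, reproduced as an added example (not part of the original report, and not keystone or oslo.config code): a text-mode read with the ASCII codec stops at the first UTF-8 byte of the Cyrillic OU, while the same file reads cleanly as UTF-8. The sample file layout, the `url` value and the helper names are constructed for illustration; only the DN is taken from the report.

```python
import os
import tempfile

# Constructed sample domain config; only the DN comes from the bug report.
# The [ldap] section layout and the url value are assumptions for illustration.
SAMPLE_CONF = (
    "[ldap]\n"
    "url = ldap://ldap.example.com\n"
    "user = CN=openstack openstack,OU=Технологические пользователи,"
    "OU=Users,DC=corp,DC=com\n"
)


def write_sample():
    """Write the sample as UTF-8 bytes, as an editor or template engine would."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "wb") as fh:
        fh.write(SAMPLE_CONF.encode("utf-8"))
    return path


def find_non_ascii(path):
    """Locate the first non-ASCII byte: (offset, line number, option, byte)."""
    with open(path, "rb") as fh:
        data = fh.read()
    for offset, byte in enumerate(data):
        if byte > 0x7F:
            line_start = data.rfind(b"\n", 0, offset) + 1
            lineno = data.count(b"\n", 0, offset) + 1
            option = data[line_start:offset].split(b"=", 1)[0].strip()
            return offset, lineno, option.decode("ascii"), byte
    return None


def try_read(path, encoding):
    """Read in text mode with an explicit codec; report where decoding stops."""
    try:
        with open(path, encoding=encoding) as fh:
            return True, len(fh.readlines())
    except UnicodeDecodeError as exc:
        return False, (exc.start, exc.object[exc.start])


if __name__ == "__main__":
    conf = write_sample()
    print("first non-ASCII byte:", find_non_ascii(conf))
    print("ascii read:", try_read(conf, "ascii"))  # same error class as the log
    print("utf-8 read:", try_read(conf, "utf-8"))
    os.unlink(conf)
```

Pointing `find_non_ascii` at a real domain config file shows which option and line carry the byte named in the error message.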