Python error when trying to connect Keystone with LDAP - possible bug?
TLDR: I'm trying to connect to an existing LDAP for authentication. When username and password are correct, I get a Python error saying that u'TRUE' is not a Boolean.
For my university, I'm setting up an OpenStack for providing students with VMs. Right now, we are testing the setup inside a VM.
We are running Ubuntu 18.04 Server, using the Cloud Image. We're using OpenStack Rocky. I'm working through the official install guide and have set up the environment and installed Keystone so far. Now, I'm trying to get our institute's LDAP to work as the authentication provider, i.e. I want everyone who has an active account in our LDAP to be able to log in to OpenStack.
This is my current Keystone.conf (with anonymized URLs etc.):
[DEFAULT]
log_dir = /var/log/keystone
[database]
connection = mysql+pymysql://keystone:WrG8OAiO@controller/keystone
[extra_headers]
Distribution = Ubuntu
[identity]
driver = ldap
[ldap]
debug_level = 4095
url = ldap://ldap.institute.department.university.example
user = uid=openstack,ou=users,dc=institute,dc=department,dc=university,dc=example
password = XXX
suffix = dc=institute,dc=department,dc=university,dc=example
query_scope = sub
user_tree_dn = ou=users,dc=institute,dc=department,dc=university,dc=example
user_filter = (departementSupposedGroup=departmentusers)
user_objectclass = inetOrgPerson
user_id_attribute = uid
user_name_attribute = uid
user_description_attribute = displayName
user_mail_attribute = mail
user_pass_attribute = userPassword
user_enabled_attribute = departmentAccountEnabled
user_enabled_default = TRUE
user_attribute_ignore = default_project_id
[token]
provider = fernet
I've installed the python-ldappool dependency.
I set these environment variables:
OS_USERNAME=admin
OS_PROJECT_NAME=admin
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_DOMAIN_NAME=Default
OS_IDENTITY_API_VERSION=3
Then, I try to request an authentication token:
$ openstack --os-auth-url http://controller:5000/v3 --os-username user token issue
When I enter the password correctly, the following error is printed:
An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2)
This is written to /var/log/keystone/keystone-wsgi-public.log:
2018-11-07 14:33:28.547 11120 INFO keyring.backend [-] Loading Windows (alt)
2018-11-07 14:33:28.558 11120 INFO keyring.backend [-] Loading pyfs
2018-11-07 14:33:28.560 11120 INFO keyring.backend [-] Loading multi
2018-11-07 14:33:28.560 11120 INFO keyring.backend [-] Loading Google
2018-11-07 14:33:28.561 11120 INFO keyring.backend [-] Loading Gnome
2018-11-07 14:33:28.568 11120 INFO keyring.backend [-] Loading keyczar
2018-11-07 14:33:28.568 11120 INFO keyring.backend [-] Loading file
2018-11-07 14:33:30.328 11123 INFO keyring.backend [-] Loading Windows (alt)
2018-11-07 14:33:30.338 11123 INFO keyring.backend [-] Loading pyfs
2018-11-07 14:33:30.339 11123 INFO keyring.backend [-] Loading multi
2018-11-07 14:33:30.340 11123 INFO keyring.backend [-] Loading Google
2018-11-07 14:33:30.341 11123 INFO keyring.backend [-] Loading Gnome
2018-11-07 14:33:30.347 11123 INFO keyring.backend [-] Loading keyczar
2018-11-07 14:33:30.347 11123 INFO keyring.backend [-] Loading file
2018-11-07 14:33:30.434 11123 INFO keystone.common.wsgi [req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2 - - - - -] POST http://controller:5000/v3/auth/tokens
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters [req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2 - - - - -] DB exception wrapped.: TypeError: Not a boolean value: u'TRUE'
2018-11-07 14:33:30.623 ...