Ask Your Question
0

Python error when trying to connect Keystone with LDAP - possible bug?

asked 2018-11-07 08:54:00 -0600

TLDR: I'm trying to connect to an existing LDAP for authentication. When username and password are correct, I get a python error, saying that u'TRUE' is not a Boolean.


For my university, I'm setting up an OpenStack for providing students with VMs. Right now, we are testing the setup inside a VM.

We are running Ubuntu 18.04 Server, using the Cloud Image. We're using OpenStack Rocky. I'm working through the official install guide and have set up the environment and installed Keystone so far. Now, I'm trying to get our institute's LDAP to work as the authentication provider, i.e. I want everyone who has an active account in our LDAP to be able to log in to OpenStack.

This is my current Keystone.conf (with anonymized urls etc):

[DEFAULT]
log_dir = /var/log/keystone
[database]
connection = mysql+pymysql://keystone:WrG8OAiO@controller/keystone
[extra_headers]
Distribution = Ubuntu
[identity]
driver = ldap
[ldap]
debug_level = 4095
url = ldap://ldap.institute.department.university.example
user = uid=openstack,ou=users,dc=institute,dc=department,dc=university,dc=example
password = XXX
suffix = dc=institute,dc=department,dc=university,dc=example
query_scope = sub
user_tree_dn = ou=users,dc=institute,dc=department,dc=university,dc=example
user_filter = (departementSupposedGroup=departmentusers)
user_objectclass = inetOrgPerson
user_id_attribute = uid
user_name_attribute = uid
user_description_attribute = displayName
user_mail_attribute = mail
user_pass_attribute = userPassword
user_enabled_attribute = departmentAccountEnabled
user_enabled_default = TRUE
user_attribute_ignore = default_project_id
[token]
provider = fernet

I've installed the python-ldappool dependency.

I set these environment variables:

OS_USERNAME=admin
OS_PROJECT_NAME=admin
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_DOMAIN_NAME=Default
OS_IDENTITY_API_VERSION=3

Then, I try to request an authentication token:

$ openstack --os-auth-url http://controller:5000/v3 --os-username user token issue

When I enter the password correctly, the following error is printed:

An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2)

This is written to /var/log/keystone/keystone-wsgi-public.log:

2018-11-07 14:33:28.547 11120 INFO keyring.backend [-] Loading Windows (alt)
2018-11-07 14:33:28.558 11120 INFO keyring.backend [-] Loading pyfs
2018-11-07 14:33:28.560 11120 INFO keyring.backend [-] Loading multi
2018-11-07 14:33:28.560 11120 INFO keyring.backend [-] Loading Google
2018-11-07 14:33:28.561 11120 INFO keyring.backend [-] Loading Gnome
2018-11-07 14:33:28.568 11120 INFO keyring.backend [-] Loading keyczar
2018-11-07 14:33:28.568 11120 INFO keyring.backend [-] Loading file
2018-11-07 14:33:30.328 11123 INFO keyring.backend [-] Loading Windows (alt)
2018-11-07 14:33:30.338 11123 INFO keyring.backend [-] Loading pyfs
2018-11-07 14:33:30.339 11123 INFO keyring.backend [-] Loading multi
2018-11-07 14:33:30.340 11123 INFO keyring.backend [-] Loading Google
2018-11-07 14:33:30.341 11123 INFO keyring.backend [-] Loading Gnome
2018-11-07 14:33:30.347 11123 INFO keyring.backend [-] Loading keyczar
2018-11-07 14:33:30.347 11123 INFO keyring.backend [-] Loading file
2018-11-07 14:33:30.434 11123 INFO keystone.common.wsgi [req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2 - - - - -] POST http://controller:5000/v3/auth/tokens
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters [req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2 - - - - -] DB exception wrapped.: TypeError: Not a boolean value: u'TRUE'
2018-11-07 14:33:30.623 ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2018-11-07 17:52:14 -0600

user_enabled_defaultshould be a number: https://docs.openstack.org/keystone/r....

edit flag offensive delete link more

Comments

Thanks for your reply. However, I don't understand how to choose the correct integer for user_enabled_default; the default value of 512 doesn't work and still produces the same error. Can anyone help me understand this?

dasnessie gravatar imagedasnessie ( 2018-11-14 03:58:39 -0600 )edit

Perhaps the error is not related to user_enabled_default. Can't tell what it might be right now.

Bernd Bausch gravatar imageBernd Bausch ( 2018-11-14 05:10:19 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2018-11-07 08:52:36 -0600

Seen: 13 times

Last updated: Nov 07