(juno) Keystone Active Directory LDAP Connection problem
I have a problem when keystone try to query the LDAP server, I have readed a lot of this error but all info is of a previous version, and I cannot find a way to make it work. The error is
In order to perform this operation a successful bind must be completed on the connection.
Here is an output with --debug
argument plus debug_level=3
inside [ldap]
in keystone.conf
2015-02-17 13:51:29.212 29649 DEBUG keystone.middleware.core [-] RBAC: auth_context: {} process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:280
2015-02-17 13:51:29.224 29649 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py:191
2015-02-17 13:51:29.225 29649 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://10.30.0.156:3268 _common_ldap_initialization /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:571
2015-02-17 13:51:29.225 29649 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1 _common_ldap_initialization /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:575
ldap_create
ldap_url_parse_ext(ldap://10.30.0.156:3268)
2015-02-17 13:51:29.226 29649 DEBUG keystone.common.ldap.core [-] LDAP search: base=OU=Users,DC=synaptic,dc=cl scope=1 filterstr=(&(objectClass=person)) attrs=['userPassword', 'userAccountControl', 'cn', 'mail'] attrsonly=0 search_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:926
ldap_search_ext
put_filter: "(&(objectClass=person))"
put_filter: AND
put_filter_list "(objectClass=person)"
put_filter: "(objectClass=person)"
put_filter: simple
put_simple_filter: "objectClass=person"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 10.30.0.156:3268
ldap_new_socket: 8
ldap_prepare_socket: 8
ldap_connect_to_host: Trying 10.30.0.156:3268
ldap_pvt_connect: fd: 8 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x2a0ab40 msgid 1
wait4msg ld 0x2a0ab40 msgid 1 (infinite timeout)
wait4msg continue ld 0x2a0ab40 msgid 1 all 1
** ld 0x2a0ab40 Connections:
* host: 10.30.0.156 port: 3268 (default)
refcnt: 2 status: Connected
last used: Tue Feb 17 13:51:29 2015
** ld 0x2a0ab40 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x2a0ab40 request count 1 (abandoned 0)
** ld 0x2a0ab40 Response Queue: Empty
ld 0x2a0ab40 response count 0
ldap_chkResponseList ld 0x2a0ab40 msgid 1 all 1
ldap_chkResponseList returns ld 0x2a0ab40 NULL
ldap_int_select
read1msg: ld 0x2a0ab40 msgid 1 all 1
read1msg: ld 0x2a0ab40 msgid 1 message type search-result
read1msg: ld 0x2a0ab40 0 new referrals
read1msg: mark request completed, ld 0x2a0ab40 msgid 1
request done: ld 0x2a0ab40 msgid 1
res_errno: 1, res_error: <000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_err2string
2015-02-17 13:51:29.228 29649 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:899
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
2015-02-17 13:51:29.228 29649 ERROR keystone.common.wsgi [-] {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful ...
Have you provided correct bind user name and password in ldap section ? One thing you can try is get the tcpdump check what queries are going to ldap/
hello, fbuccioni i have the same problem did you manage to make it work?