TLDR: I'm trying to connect to an existing LDAP for authentication. When username and password are correct, I get a python error, saying that u'TRUE' is not a Boolean.
For my university, I'm setting up an OpenStack for providing students with VMs. Right now, we are testing the setup inside a VM.
We are running Ubuntu 18.04 Server, using the Cloud Image. We're using OpenStack Rocky. I'm working through the official install guide and have set up the environment and installed Keystone so far. Now, I'm trying to get our institute's LDAP to work as the authentication provider, i.e. I want everyone who has an active account in our LDAP to be able to log in to OpenStack.
This is my current Keystone.conf (with anonymized urls etc):
[DEFAULT]
log_dir = /var/log/keystone
[database]
connection = mysql+pymysql://keystone:WrG8OAiO@controller/keystone
[extra_headers]
Distribution = Ubuntu
[identity]
driver = ldap
[ldap]
debug_level = 4095
url = ldap://ldap.institute.department.university.example
user = uid=openstack,ou=users,dc=institute,dc=department,dc=university,dc=example
password = XXX
suffix = dc=institute,dc=department,dc=university,dc=example
query_scope = sub
user_tree_dn = ou=users,dc=institute,dc=department,dc=university,dc=example
user_filter = (departementSupposedGroup=departmentusers)
user_objectclass = inetOrgPerson
user_id_attribute = uid
user_name_attribute = uid
user_description_attribute = displayName
user_mail_attribute = mail
user_pass_attribute = userPassword
user_enabled_attribute = departmentAccountEnabled
user_enabled_default = TRUE
user_attribute_ignore = default_project_id
[token]
provider = fernet
I've installed the python-ldappool dependency.
I set these environment variables:
OS_USERNAME=admin
OS_PROJECT_NAME=admin
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_DOMAIN_NAME=Default
OS_IDENTITY_API_VERSION=3
Then, I try to request an authentication token:
$ openstack --os-auth-url http://controller:5000/v3 --os-username user token issue
When I enter the password correctly, the following error is printed:
An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2)
This is written to /var/log/keystone/keystone-wsgi-public.log:
2018-11-07 14:33:28.547 11120 INFO keyring.backend [-] Loading Windows (alt)
2018-11-07 14:33:28.558 11120 INFO keyring.backend [-] Loading pyfs
2018-11-07 14:33:28.560 11120 INFO keyring.backend [-] Loading multi
2018-11-07 14:33:28.560 11120 INFO keyring.backend [-] Loading Google
2018-11-07 14:33:28.561 11120 INFO keyring.backend [-] Loading Gnome
2018-11-07 14:33:28.568 11120 INFO keyring.backend [-] Loading keyczar
2018-11-07 14:33:28.568 11120 INFO keyring.backend [-] Loading file
2018-11-07 14:33:30.328 11123 INFO keyring.backend [-] Loading Windows (alt)
2018-11-07 14:33:30.338 11123 INFO keyring.backend [-] Loading pyfs
2018-11-07 14:33:30.339 11123 INFO keyring.backend [-] Loading multi
2018-11-07 14:33:30.340 11123 INFO keyring.backend [-] Loading Google
2018-11-07 14:33:30.341 11123 INFO keyring.backend [-] Loading Gnome
2018-11-07 14:33:30.347 11123 INFO keyring.backend [-] Loading keyczar
2018-11-07 14:33:30.347 11123 INFO keyring.backend [-] Loading file
2018-11-07 14:33:30.434 11123 INFO keystone.common.wsgi [req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2 - - - - -] POST http://controller:5000/v3/auth/tokens
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters [req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2 - - - - -] DB exception wrapped.: TypeError: Not a boolean value: u'TRUE'
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters Traceback (most recent call last):
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1127, in _execute_context
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters context = constructor(dialect, self, conn, *args)
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 694, in _init_compiled
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters for key in compiled_params
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 694, in <genexpr>
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters for key in compiled_params
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters File "/usr/lib/python2.7/dist-packages/sqlalchemy/sql/sqltypes.py", line 1700, in process
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters value = _strict_as_bool(value)
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters File "/usr/lib/python2.7/dist-packages/sqlalchemy/sql/sqltypes.py", line 1677, in _strict_as_bool
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters "Not a boolean value: %r" % value)
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters TypeError: Not a boolean value: u'TRUE'
2018-11-07 14:33:30.623 11123 ERROR oslo_db.sqlalchemy.exc_filters
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi [req-11d2a6fe-a34b-4514-ba0a-18d0cddcaad2 - - - - -] (exceptions.TypeError) Not a boolean value: u'TRUE' [SQL: u'INSERT INTO user (id, domain_id, enabled, extra, default_project_id, created_at, last_active_at) VALUES (%(id)s, %(domain_id)s, %(enabled)s, %(extra)s, %(default_project_id)s, %(created_at)s, %(last_active_at)s)'] [parameters: [{'last_active_at': None, 'extra': {'email': u'john.doe@university.example', 'description': u'John Doe'}, 'created_at': datetime.datetime(2018, 11, 7, 14, 33, 30, 620317), 'enabled': u'TRUE', 'id': u'doe', 'default_project_id': None, 'domain_id': 'default'}]]: DBError: (exceptions.TypeError) Not a boolean value: u'TRUE' [SQL: u'INSERT INTO user (id, domain_id, enabled, extra, default_project_id, created_at, last_active_at) VALUES (%(id)s, %(domain_id)s, %(enabled)s, %(extra)s, %(default_project_id)s, %(created_at)s, %(last_active_at)s)'] [parameters: [{'last_active_at': None, 'extra': {'email': u'john.doe@university.example', 'description': u'John Doe'}, 'created_at': datetime.datetime(2018, 11, 7, 14, 33, 30, 620317), 'enabled': u'TRUE', 'id': u'doe', 'default_project_id': None, 'domain_id': 'default'}]]
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi Traceback (most recent call last):
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 148, in __call__
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi result = method(req, **params)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 67, in authenticate_for_token
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self.authenticate(request, auth_info, auth_context)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 236, in authenticate
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi auth_info.get_method_data(method_name))
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/password.py", line 37, in authenticate
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi password=user_info.password)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 116, in wrapped
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/notifications.py", line 521, in wrapper
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi result = f(wrapped_self, request, user_id, *args, **kwargs)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 416, in wrapper
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 426, in wrapper
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 913, in authenticate
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi ref = self._shadow_nonlocal_user(ref)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1220, in decorate
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi should_cache_fn)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 825, in get_or_create
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi async_creator) as value:
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/lock.py", line 154, in __enter__
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return self._enter()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/lock.py", line 94, in _enter
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi generated = self._enter_create(createdtime)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/lock.py", line 145, in _enter_create
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi created = self.creator()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 792, in gen_value
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi created_value = creator()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1216, in creator
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return fn(*arg, **kw)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 1409, in _shadow_nonlocal_user
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return PROVIDERS.shadow_users_api.create_nonlocal_user(user)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/sql/core.py", line 516, in wrapper
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return method(*args, **kwargs)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/shadow_backends/sql.py", line 161, in create_nonlocal_user
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return identity_base.filter_user(new_user_ref.to_dict())
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self.gen.next()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py", line 1043, in _transaction_scope
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi yield resource
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self.gen.next()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py", line 653, in _session
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self.session.rollback()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 220, in __exit__
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self.force_reraise()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 196, in force_reraise
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi six.reraise(self.type_, self.value, self.tb)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py", line 650, in _session
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self._end_session_transaction(self.session)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py", line 678, in _end_session_transaction
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi session.commit()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 943, in commit
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self.transaction.commit()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 467, in commit
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self._prepare_impl()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 447, in _prepare_impl
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self.session.flush()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 2254, in flush
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi self._flush(objects)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 2380, in _flush
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi transaction.rollback(_capture_exception=True)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/util/langhelpers.py", line 66, in __exit__
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi compat.reraise(exc_type, exc_value, exc_tb)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 2344, in _flush
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi flush_context.execute()
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/unitofwork.py", line 391, in execute
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi rec.execute(self)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/unitofwork.py", line 556, in execute
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi uow
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 181, in save_obj
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi mapper, table, insert)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 830, in _emit_insert_statements
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi execute(statement, multiparams)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 948, in execute
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return meth(self, multiparams, params)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/sql/elements.py", line 269, in _execute_on_connection
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi return connection._execute_clauseelement(self, multiparams, params)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1060, in _execute_clauseelement
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi compiled_sql, distilled_params
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1132, in _execute_context
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi None, None)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1409, in _handle_dbapi_exception
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi util.raise_from_cause(newraise, exc_info)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/util/compat.py", line 203, in raise_from_cause
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi reraise(type(exception), exception, tb=exc_tb, cause=cause)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1127, in _execute_context
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi context = constructor(dialect, self, conn, *args)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 694, in _init_compiled
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi for key in compiled_params
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 694, in <genexpr>
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi for key in compiled_params
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/sql/sqltypes.py", line 1700, in process
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi value = _strict_as_bool(value)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/sqlalchemy/sql/sqltypes.py", line 1677, in _strict_as_bool
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi "Not a boolean value: %r" % value)
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi DBError: (exceptions.TypeError) Not a boolean value: u'TRUE' [SQL: u'INSERT INTO user (id, domain_id, enabled, extra, default_project_id, created_at, last_active_at) VALUES (%(id)s, %(domain_id)s, %(enabled)s, %(extra)s, %(default_project_id)s, %(created_at)s, %(last_active_at)s)'] [parameters: [{'last_active_at': None, 'extra': {'email': u'john.doe@university.example', 'description': u'John Doe'}, 'created_at': datetime.datetime(2018, 11, 7, 14, 33, 30, 620317), 'enabled': u'TRUE', 'id': u'doe', 'default_project_id': None, 'domain_id': 'default'}]]
2018-11-07 14:33:30.668 11123 ERROR keystone.common.wsgi
Does anyone have an idea what I am doing wrong or if this is a bug? Has anyone else experienced this? Any help is appreciated.