(juno) Keystone Active Directory LDAP Connection problem

I have a problem when keystone tries to query the LDAP server. I have read a lot about this error, but all the info is for a previous version, and I cannot find a way to make it work. The error is:

In order to perform this operation a successful bind must be completed on the connection.

Here is the output with the --debug argument plus debug_level=3 inside [ldap] in keystone.conf:

2015-02-17 13:51:29.212 29649 DEBUG keystone.middleware.core [-] RBAC: auth_context: {} process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:280 
2015-02-17 13:51:29.224 29649 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py:191 
2015-02-17 13:51:29.225 29649 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://10.30.0.156:3268 _common_ldap_initialization /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:571 
2015-02-17 13:51:29.225 29649 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1 _common_ldap_initialization /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:575 
ldap_create 
ldap_url_parse_ext(ldap://10.30.0.156:3268) 
2015-02-17 13:51:29.226 29649 DEBUG keystone.common.ldap.core [-] LDAP search: base=OU=Users,DC=synaptic,dc=cl scope=1 filterstr=(&(objectClass=person)) attrs=['userPassword', 'userAccountControl', 'cn', 'mail'] attrsonly=0 search_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:926 
ldap_search_ext 
put_filter: "(&(objectClass=person))" 
put_filter: AND 
put_filter_list "(objectClass=person)" 
put_filter: "(objectClass=person)" 
put_filter: simple 
put_simple_filter: "objectClass=person" 
ldap_send_initial_request 
ldap_new_connection 1 1 0 
ldap_int_open_connection 
ldap_connect_to_host: TCP 10.30.0.156:3268 
ldap_new_socket: 8 
ldap_prepare_socket: 8 
ldap_connect_to_host: Trying 10.30.0.156:3268 
ldap_pvt_connect: fd: 8 tm: -1 async: 0 
ldap_open_defconn: successful 
ldap_send_server_request 
ldap_result ld 0x2a0ab40 msgid 1 
wait4msg ld 0x2a0ab40 msgid 1 (infinite timeout) 
wait4msg continue ld 0x2a0ab40 msgid 1 all 1 
** ld 0x2a0ab40 Connections: 
* host: 10.30.0.156  port: 3268  (default) 
  refcnt: 2  status: Connected 
  last used: Tue Feb 17 13:51:29 2015 


** ld 0x2a0ab40 Outstanding Requests: 
 * msgid 1,  origid 1, status InProgress 
   outstanding referrals 0, parent count 0 
  ld 0x2a0ab40 request count 1 (abandoned 0) 
** ld 0x2a0ab40 Response Queue: Empty 
  ld 0x2a0ab40 response count 0 
ldap_chkResponseList ld 0x2a0ab40 msgid 1 all 1 
ldap_chkResponseList returns ld 0x2a0ab40 NULL 
ldap_int_select 
read1msg: ld 0x2a0ab40 msgid 1 all 1 
read1msg: ld 0x2a0ab40 msgid 1 message type search-result 
read1msg: ld 0x2a0ab40 0 new referrals 
read1msg:  mark request completed, ld 0x2a0ab40 msgid 1 
request done: ld 0x2a0ab40 msgid 1 
res_errno: 1, res_error: <000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1>, res_matched: <> 
ldap_free_request (origid 1, msgid 1) 
ldap_parse_result 
ldap_msgfree 
ldap_err2string 
2015-02-17 13:51:29.228 29649 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:899 
ldap_free_connection 1 1 
ldap_send_unbind 
ldap_free_connection: actually freed 
2015-02-17 13:51:29.228 29649 ERROR keystone.common.wsgi [-] {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'}

This is my keystone.conf file

[DEFAULT]
log_dir=/var/log/keystone

[database]
connection=mysql://keystone:***@localhost/cloud_keystone

[identity]
# driver = keystone.identity.backends.sql.Identity
driver = keystone.identity.backends.ldap.Identity

[resource]
driver = keystone.resource.backends.sql.Resource

[assignment]
driver = keystone.assignment.backends.sql.Assignment

[role]
driver = keystone.assignment.role_backends.sql.Role

[ldap]
url                      = ldap://0.0.0.0
user                     = cn=OpenStack,cn=Users,dc=domain,dc=tld
pssword                  = ******
suffix                   = dc=domain,dc=tld
use_dumb_member          = True
dumb_member              = cn=OpenStack,cn=Users,dc=domain,dc=tld
chase_referrals          = 0
debug_level              = 3

user_tree_dn             = OU=Users,DC=domain,dc=tld
user_objectclass         = person
user_filter              =
user_id_attribute        = cn
user_name_attribute      = cn
user_mail_attribute      = mail
user_pass_attribute      =
user_enabled_attribute   = userAccountControl
user_enabled_mask        = 2
user_enabled_default     = 512
user_allow_create        = False
user_allow_update        = False
user_allow_delete        = False

Keystone version (juno)

$ keystone --version
0.10.1
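
The trace in the post shows a search sent on a connection where no bind was attempted. The following added example (not part of the original post and not Keystone code) checks an [ldap] section for bind credentials and flags keys that look like misspellings of them. It assumes Keystone binds only when both `user` and `password` are set; the function name and sample values are hypothetical.

```python
import configparser
import difflib

# Assumption: Keystone binds to LDAP only when both of these [ldap] options are set.
BIND_KEYS = ("user", "password")

# Constructed sample modelled on the [ldap] section in the post (placeholder values).
SAMPLE_CONF = """
[ldap]
url      = ldap://0.0.0.0
user     = cn=OpenStack,cn=Users,dc=domain,dc=tld
pssword  = placeholder
suffix   = dc=domain,dc=tld
user_pass_attribute =
"""


def check_bind_credentials(conf_text):
    """Return (will_bind, findings) for the [ldap] section of conf_text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section("ldap"):
        return False, ["no [ldap] section"]
    ldap = parser["ldap"]
    findings = []
    for key in BIND_KEYS:
        if ldap.get(key, "").strip():
            continue  # option present and non-empty
        findings.append("'%s' is missing or empty" % key)
        # Look for a key that is present and is probably a typo of the missing one.
        others = [k for k in ldap if k not in BIND_KEYS]
        for near in difflib.get_close_matches(key, others, n=1, cutoff=0.8):
            findings.append("'%s' looks like a misspelling of '%s'" % (near, key))
    return not findings, findings


if __name__ == "__main__":
    will_bind, findings = check_bind_credentials(SAMPLE_CONF)
    print("credentials available for bind:", will_bind)
    for finding in findings:
        print(" -", finding)
```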