Public bug reported:

Keystone can't connect to the LDAP server if "$" is used in the password.

keystone.tld.conf

[identity]
driver = keystone.identity.backends.ldap.Identity

[assignment]
driver = keystone.assignment.backends.sql.Assignment

[ldap]
url=ldap://172.16.56.46:389
user=admin...@keystone.tld
password=Pa$$w0rd
suffix=dc=keystone,dc=tld
query_scope = sub

user_tree_dn=dc=keystone,dc=tld
user_objectclass=person
user_id_attribute=cn
#user_name_attribute=userPrincipalName
user_name_attribute=cn


use_pool = true
pool_size = 10
pool_retry_max = 3
pool_retry_delay = 0.1
pool_connection_timeout = -1
pool_connection_lifetime = 600


use_auth_pool = true
auth_pool_size = 100
auth_pool_connection_lifetime = 60

debug_level = 4095


Debug from log:
<15>Jul 31 14:00:04 node-1 keystone-all LDAP init: url=ldap://172.16.56.46:389
<15>Jul 31 14:00:04 node-1 keystone-all LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1
<15>Jul 31 14:00:04 node-1 keystone-all LDAP bind: who=CN=admin_ad,CN=Users,DC=keystone,DC=tld
<15>Jul 31 14:00:04 node-1 keystone-all arg_dict: {}
<14>Jul 31 14:00:04 node-1 keystone-all 192.168.0.2 - - [31/Jul/2015 14:00:04] "OPTIONS / HTTP/1.0" 300 919 0.143915
<15>Jul 31 14:00:04 node-1 keystone-all arg_dict: {}
<14>Jul 31 14:00:05 node-1 keystone-all 192.168.0.2 - - [31/Jul/2015 14:00:05] "OPTIONS / HTTP/1.0" 300 921 0.155419
<11>Jul 31 14:00:05 node-1 keystone-all {'info': '80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}

However, I can connect to the server with ldapsearch.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1480334

Title:
  can't use "$" in password for ldap authentication

Status in Keystone:
  New
