tokens API is returning unexpected 500 error when ldap credentials are incorrect

prashkre Thu, 20 Apr 2017 11:52:01 -0700

Public bug reported:

When keystone is configured with ldap server as identity backend, if incorrect 
credentials were configured under [ldap] section [1] of domains conf file, then 
POST request on /v3/auth/tokens API with users in ldap is returning unexpected 
500 error [0] with stacktrace[2] shown below. 
Instead of unexpected error user should be given a proper message about invalid 
credentials configured.


[0]
{"error": {"message": "An unexpected error prevented the server from fulfilling 
your request.", "code": 500, "title": "Internal Server Error"}}

[1]
[ldap]
url = ldap://9.9.9.9
user = cn=root
password = <<incorrect password>>

[2]Stacktrace: 
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi 
[req-7b62d1db-64bd-4961-819e-0815bc355636 
02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 
36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 
3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'}
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most recent 
call last):
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in 
__call__
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     result = 
method(req, **params)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in 
wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return f(self, 
request, filters, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, 
in list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     refs = 
self.identity_api.list_users(domain_scope=domain, hints=hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in 
wrapped
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     __ret_val = 
__f(*args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in 
wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return f(self, 
*args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in 
wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return f(self, 
*args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in 
list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     ref_list = 
self._handle_federated_attributes_in_hints(driver, hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in 
_handle_federated_attributes_in_hints
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return 
driver.list_users(hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", 
line 88, in list_users
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return 
self.user.get_all_filtered(hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", 
line 353, in get_all_filtered
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     for user in 
self.get_all(query, hints)]
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", 
line 345, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     hints=hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 1872, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return 
super(EnabledEmuMixIn, self).get_all(ldap_filter, hints)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 1518, in get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     for x in 
self._ldap_get_all(hints, ldap_filter)]
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/common/driver_hints.py", line 42, in 
wrapper
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return f(self, 
hints, *args, **kwargs)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 1474, in _ldap_get_all
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     with 
self.get_connection() as conn:
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 1280, in get_connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     
conn.simple_bind_s(user, password)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 915, in simple_bind_s
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     
clientctrls=clientctrls)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 762, in simple_bind_s
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     with 
self._get_pool_connection() as conn:
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib64/python2.7/contextlib.py", line 17, in __enter__
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return 
self.gen.next()
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 291, in connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     conn = 
self._get_connection(bind, passwd)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 244, in 
_get_connection
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     conn = 
self._create_connector(bind, passwd)
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 221, in 
_create_connector
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     raise exc
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi INVALID_CREDENTIALS: 
{'desc': 'Invalid credentials'}
2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi
2017-04-20 09:09:13.177 12300 DEBUG keystone.middleware.auth 
[req-ab1bbb86-490f-44e9-9c34-57c24b6af1fb - - - - -] Authenticating user token 
process_request 
/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py:401

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1684994

Title:
  POST v3/auth/tokens API is returning unexpected 500 error when ldap
  credentials are incorrect

Status in OpenStack Identity (keystone):
  New

Bug description:
  When keystone is configured with ldap server as identity backend, if 
incorrect credentials were configured under [ldap] section [1] of domains conf 
file, then POST request on /v3/auth/tokens API with users in ldap is returning 
unexpected 500 error [0] with stacktrace[2] shown below. 
  Instead of unexpected error user should be given a proper message about 
invalid credentials configured.

  [0]
  {"error": {"message": "An unexpected error prevented the server from 
fulfilling your request.", "code": 500, "title": "Internal Server Error"}}

  [1]
  [ldap]
  url = ldap://9.9.9.9
  user = cn=root
  password = <<incorrect password>>

  [2]Stacktrace: 
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi 
[req-7b62d1db-64bd-4961-819e-0815bc355636 
02b49a455f5c9d9561881683c0f09919c5ab38a6eeed6de5c4ae3523df2dc706 
36b96caa022742a1b74692b29bd044a7 - 3ae481350a504cbdaf35e18b8753d002 
3ae481350a504cbdaf35e18b8753d002] {'desc': 'Invalid credentials'}
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi Traceback (most 
recent call last):
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in 
__call__
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     result = 
method(req, **params)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in 
wrapper
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return f(self, 
request, filters, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 230, 
in list_users
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     refs = 
self.identity_api.list_users(domain_scope=domain, hints=hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in 
wrapped
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     __ret_val = 
__f(*args, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 413, in 
wrapper
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return f(self, 
*args, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 423, in 
wrapper
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return f(self, 
*args, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1027, in 
list_users
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     ref_list = 
self._handle_federated_attributes_in_hints(driver, hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 1010, in 
_handle_federated_attributes_in_hints
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return 
driver.list_users(hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", 
line 88, in list_users
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return 
self.user.get_all_filtered(hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", 
line 353, in get_all_filtered
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     for user in 
self.get_all(query, hints)]
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/core.py", 
line 345, in get_all
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     hints=hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 1872, in get_all
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return 
super(EnabledEmuMixIn, self).get_all(ldap_filter, hints)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 1518, in get_all
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     for x in 
self._ldap_get_all(hints, ldap_filter)]
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/common/driver_hints.py", line 42, in 
wrapper
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return f(self, 
hints, *args, **kwargs)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 1474, in _ldap_get_all
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     with 
self.get_connection() as conn:
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 1280, in get_connection
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     
conn.simple_bind_s(user, password)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 915, in simple_bind_s
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     
clientctrls=clientctrls)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", 
line 762, in simple_bind_s
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     with 
self._get_pool_connection() as conn:
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib64/python2.7/contextlib.py", line 17, in __enter__
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     return 
self.gen.next()
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 291, in connection
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     conn = 
self._get_connection(bind, passwd)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 244, in 
_get_connection
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     conn = 
self._create_connector(bind, passwd)
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi   File 
"/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 221, in 
_create_connector
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi     raise exc
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi INVALID_CREDENTIALS: 
{'desc': 'Invalid credentials'}
  2017-04-20 09:09:08.304 12300 ERROR keystone.common.wsgi
  2017-04-20 09:09:13.177 12300 DEBUG keystone.middleware.auth 
[req-ab1bbb86-490f-44e9-9c34-57c24b6af1fb - - - - -] Authenticating user token 
process_request 
/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py:401

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1684994/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1684994] [NEW] POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect

Reply via email to