We have documentation that explains how to map attributes, like `name`, from LDAP to keystone [0]. I would be curious to see if you still end up with the same issue after reading and applying the configuration in those docs.
[0] https://docs.openstack.org/keystone/latest/configuration.html#using- an-ldap-server ** Changed in: keystone Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1704205 Title: GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error Status in OpenStack Identity (keystone): Invalid Bug description: In an environment like ldap server as identity backend, where a group has role assignment but some users in group doesn't have "name" attribute configured in ldap. So while fetching effective role assignments with include_names, it is failing in below stack trace error. 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi Traceback (most recent call last): 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__ 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi result = method(req, **params) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 999, in list_role_assignments_wrapper 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self.list_role_assignments(request) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 956, in list_role_assignments 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self._list_role_assignments(request, filters) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 945, in _list_role_assignments 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi include_names=include_names) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 948, in list_role_assignments 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self._get_names_from_role_assignments(role_assignments) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 974, in _get_names_from_role_assignments 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi new_assign['user_name'] = _user['name'] 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi KeyError: 'name' 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1704205/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
