[Openstack-operators] ldap INVALID_CREDENTIALS

Sharif Islam islamsh at indiana.edu
Wed Aug 24 20:43:34 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Usually when I query ldap from perl or java, I create an anonymous bind.
I am not sure what openstack requires in this case.

- --auth_driver=nova.auth.ldapdriver.LdapDriver
- --ldap_url=ldap://$nova_ldap_host
- --ldap_password=$nova_ldap_user_pass
- --ldap_user_dn=$nova_ldap_user_dn


This is my setting:

- --auth_driver=nova.auth.ldapdriver.LdapDriver
- --ldap_url=ldap://myldap.univeristy.org
- --ldap_user_dn= uid=sharif,ou=People,dc=university,dc=org




This is from nova-manage log:


(nova): TRACE:   File
"/usr/lib/python2.6/site-packages/nova/auth/ldapdriver.py", line 120, in
__enter__
(nova): TRACE:     self.conn.simple_bind_s(FLAGS.ldap_user_dn,
FLAGS.ldap_password)
(nova): TRACE:   File
"/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 207, in
simple_bind_s
(nova): TRACE:     return self.result(msgid,all=1,timeout=self.timeout)
(nova): TRACE:   File
"/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 436, in result
(nova): TRACE:     res_type,res_data,res_msgid =
self.result2(msgid,all,timeout)
(nova): TRACE:   File
"/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 440, in
result2
(nova): TRACE:     res_type, res_data, res_msgid, srv_ctrls =
self.result3(msgid,all,timeout)
(nova): TRACE:   File
"/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 446, in
result3
(nova): TRACE:     ldap_result =
self._ldap_call(self._l.result3,msgid,all,timeout)
(nova): TRACE:   File
"/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in
_ldap_call
(nova): TRACE:     result = func(*args,**kwargs)
(nova): TRACE: INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

- From nova-api:

2011-08-24 16:32:48,828 nova.auth.manager: Looking up user:
'70b709b7-82d1-404c-873a-8a7b116fec24'
2011-08-24 16:32:56,902 nova.auth.manager: Looking up user:
'70b709b7-82d1-404c-873a-8a7b116fec24'
2011-08-24 16:33:12,989 nova.auth.manager: Looking up user:
'70b709b7-82d1-404c-873a-8a7b116fec24


- --sharif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOVWJ2AAoJEACffes9SivFad8IANLdpJlCFf91ry9rH0qkIQV/
Jn6hrDRRGPc/ApXaGjTI9Bv1R2Dkos9Mabc0IXni8Ntq8G1NYEf2UzoUBXpzFkOu
ArWlRjestXlkCpRoB49tdO04H6v1KjKm4sbQPKyhyKN9BdxsEB0GhPIqNMv95fcl
wf0hp3EqUhHd/7CKYv3GSUMaZw/P9RjMey5xXX7fCya3INdc1ooK/lwoZUt4XVL2
uLlFXSB7v4isZs1rViCn3/TMQL1ICviZcyxF7CIKdq8Cl0YOuP1LrdOtDHO54IBY
Fptj7jAJQMBpqftMS8v1NYEqQwZGRgtGXRsFMvL9m1+2haJYpIA+xir/bL0pc6w=
=aKDN
-----END PGP SIGNATURE-----

More information about the Openstack-operators mailing list