<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><a href="https://bugs.launchpad.net/keystone/+bug/1662762">https://bugs.launchpad.net/keystone/+bug/1662762</a></div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">I ran into this with an install of Ocata on ubuntu from packages (not using fuel). It sounds like you might be hitting this same issue. I was able to resolve it by grabbing core.py from the Ocata version of the fix for this bug and dropping it in place.</div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">Hope that helps.</div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">Kind regards,</div><div id="AppleMailSignature"><br>-Chris</div><div><br>On Apr 20, 2017, at 7:47 AM, Gregory Orange <<a href="mailto:gregory.orange@pawsey.org.au">gregory.orange@pawsey.org.au</a>> wrote:<br><br></div><blockquote type="cite"><div><span>I should have said: This is on OpenStack Ocata, deployed with Fuel.</span><br><span></span><br><span>On 20/4/17 2:41 pm, Gregory Orange wrote:</span><br><blockquote type="cite"><span>We have configured Keystone for LDAP authentication via the domain_specific_drivers_enabled setting and a file keystone.<domain>.conf, and by tcpdump and LDAP server logs it appears to be working to some degree. That is, if the wrong credentials are entered, the response says so. However with the correct credentials, we get:</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>"An error occurred authenticating. Please try again later."</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>I'm not sure which of the numerous log entries to post (especially with various debug options enabled), but this seems relevant:</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>2017-04-20T06:00:09.845090+00:00 node-60 keystone-public: 2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi [req-12ca87a2-d790-4397-b703-7ff6ef11fcd1 - - - - -] 'options'</span><br></blockquote><blockquote type="cite"><span>2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi Traceback (most recent call last):</span><br></blockquote><blockquote type="cite"><span>2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 228, in __call__</span><br></blockquote><blockquote type="cite"><span>2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     result = method(req, **params)</span><br></blockquote><blockquote type="cite"><span>2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 132, in authenticate_for_token</span><br></blockquote><blockquote type="cite"><span>2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     auth_context['user_id'], method_names_set):</span><br></blockquote><blockquote type="cite"><span>2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/auth/core.py", line 377, in check_auth_methods_against_rules</span><br></blockquote><blockquote type="cite"><span>2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi     mfa_rules = user_ref['options'].get(ro.MFA_RULES_OPT.option_name, [])</span><br></blockquote><blockquote type="cite"><span>2017-04-20 06:00:09.822 17411 ERROR keystone.common.wsgi KeyError: 'options'</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>I haven't had much luck tracing through those Python files - I can't even see how they relate to each other which suggests they are using function calls from includes and I haven't traced that deeply.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Can anyone help shed light on this?</span><br></blockquote><span></span><br><span>_______________________________________________</span><br><span>Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a></span><br><span>Post to     : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a></span><br><span>Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a></span><br></div></blockquote></body></html>