[Openstack] LDAP + Keystone,, Error after authentication..
Adam Young
ayoung at redhat.com
Tue Dec 11 14:57:45 UTC 2012
On 12/11/2012 04:15 AM, yasith tharindu wrote:
> Hi Team;
>
>
> I was trying to configure ldap + keystone but it seems not working. I
> feel like authentication is successful but horizon return me python
> error. Im unable to trace as its does not give any detail. Following
> I have attached the error, ldap dump, keystone config. I would really
> appreciate if you can note me down any configuration error.
>
> My nova version is:: 2012.2 (2012.2-LOCALBRANCH:LOCALREVISION)
>
> If its wrong password it returns, "Invalid user name or password."
That sounds right
> When type correct credentials but user not in the any of "Group" it
> return "You are not authorized for any projects."
Yes
> When type correct credentials and the user is a member of a group (eg:
> cn=demo,ou=Groups,dc=example,dc=com), It returns following error.
It looks like some poor error handling in Horizon, to start. The Key
error means token.tenant['name'] is not defined in the object. Which
probably means that it doesn't have a real token or something. I'm
guessing that token.tenant is None at this point.
Does it work from the Keystone CLI? Isolate your problem, is it
Keystone, or is it Horizon.
>
>
>
>
>
> ################### The error ########################
>
> KeyError at /auth/login/
> 'name'
> Request Method:POST
> Request URL:https://192.168.25.240/auth/login/
> Django Version:1.4.1
> Exception Type:KeyError
> Exception Value:
> 'name'
> Exception
> Location:/usr/lib/python2.7/dist-packages/openstack_auth/user.py in
> create_user_from_token, line 25
> Python Executable:/usr/bin/python
> Python Version:2.7.3
> Python Path:
> ['/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../..',
> '/usr/share/openstack-dashboard/openstack_dashboard',
> '/usr/lib/python2.7',
> '/usr/lib/python2.7/plat-linux2',
> '/usr/lib/python2.7/lib-tk',
> '/usr/lib/python2.7/lib-old',
> '/usr/lib/python2.7/lib-dynload',
> '/usr/local/lib/python2.7/dist-packages',
> '/usr/lib/python2.7/dist-packages',
> '/usr/lib/pymodules/python2.7',
> '/usr/share/openstack-dashboard/']
>
>
> Environment:
>
>
> Request Method: POST
> Request URL: https://192.168.25.240/auth/login/
>
> Django Version: 1.4.1
> Python Version: 2.7.3
> Installed Applications:
> ('openstack_dashboard',
> 'django.contrib.contenttypes',
> 'django.contrib.auth',
> 'django.contrib.sessions',
> 'django.contrib.messages',
> 'django.contrib.staticfiles',
> 'django.contrib.humanize',
> 'compressor',
> 'horizon',
> 'horizon.dashboards.nova',
> 'horizon.dashboards.syspanel',
> 'horizon.dashboards.settings',
> 'openstack_auth')
> Installed Middleware:
> ('django.middleware.common.CommonMiddleware',
> 'django.middleware.csrf.CsrfViewMiddleware',
> 'django.contrib.sessions.middleware.SessionMiddleware',
> 'django.contrib.auth.middleware.AuthenticationMiddleware',
> 'django.contrib.messages.middleware.MessageMiddleware',
> 'horizon.middleware.HorizonMiddleware',
> 'django.middleware.doc.XViewMiddleware',
> 'django.middleware.locale.LocaleMiddleware')
>
>
> Traceback:
> File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py"
> in get_response
> 111. response = callback(request,
> *callback_args, **callback_kwargs)
> File
> "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in
> sensitive_post_parameters_wrapper
> 69. return view(request, *args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in
> _wrapped_view
> 91. response = view_func(request, *args, **kwargs)
> File
> "/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py" in
> _wrapped_view_func
> 89. response = view_func(request, *args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/openstack_auth/views.py" in login
> 50. extra_context=extra_context)
> File
> "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in
> sensitive_post_parameters_wrapper
> 69. return view(request, *args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in
> _wrapped_view
> 91. response = view_func(request, *args, **kwargs)
> File
> "/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py" in
> _wrapped_view_func
> 89. response = view_func(request, *args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/django/contrib/auth/views.py"
> in login
> 36. if form.is_valid():
> File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in is_valid
> 124. return self.is_bound and not bool(self.errors)
> File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in
> _get_errors
> 115. self.full_clean()
> File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in
> full_clean
> 271. self._clean_form()
> File "/usr/lib/python2.7/dist-packages/django/forms/forms.py" in
> _clean_form
> 299. self.cleaned_data = self.clean()
> File
> "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in
> sensitive_variables_wrapper
> 34. return func(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/openstack_auth/forms.py" in clean
> 57. auth_url=region)
> File
> "/usr/lib/python2.7/dist-packages/django/contrib/auth/__init__.py" in
> authenticate
> 45. user = backend.authenticate(**credentials)
> File "/usr/lib/python2.7/dist-packages/openstack_auth/backend.py" in
> authenticate
> 113. user = create_user_from_token(request, token,
> client.management_url)
> File "/usr/lib/python2.7/dist-packages/openstack_auth/user.py" in
> create_user_from_token
> 25. tenant_name=token.tenant['name'],
>
> Exception Type: KeyError at /auth/login/
> Exception Value: 'name'
>
>
>
>
> ########################My LDAP dump #####################
> dn: dc=example,dc=com
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: example Inc
> dc: example
> structuralObjectClass: organization
>
>
> dn: cn=admin,dc=example,dc=com
> objectClass: simpleSecurityObject
> objectClass: organizationalRole
> cn: admin
> description: LDAP administrator
> userPassword:: e1NTSEF9cGgrencraEZDWlFDNmR2bmEyM2kyb2RVWXdsK0FlSWg=
>
> dn: ou=Groups,dc=example,dc=com
> ou: groups
> objectClass: organizationalUnit
>
>
>
> dn: ou=Users,dc=example,dc=com
> ou: users
> objectClass: organizationalUnit
>
>
> dn: ou=Roles,dc=example,dc=com
> ou: roles
> objectClass: organizationalUnit
> dn: cn=yasith,ou=Users,dc=example,dc=com
> cn: yasith
> displayName: yasith
> givenName: yasith
> mail: yasith at example.com <mailto:yasith at example.com>
> objectClass: inetOrgPerson
> objectClass: top
> sn: yasith
> uid: yasith
> userPassword:: YWJjMTIz
>
> dn: cn=demo,ou=Users,dc=example,dc=com
> cn: demo
> displayName: demo
> givenName: demo
> mail: demo at example.com <mailto:demo at example.com>
> objectClass: inetOrgPerson
> objectClass: top
> sn: demo
> uid: demo
> userPassword:: YWJjMTIz
>
> dn: cn=tharindu,ou=Users,dc=example,dc=com
> cn: tharindu
> displayName: tharindu
> givenName: tharindu
> mail: tharindu at example.com <mailto:tharindu at example.com>
> objectClass: inetOrgPerson
> objectClass: top
> sn: tharindu
> uid: tharindu
> userPassword:: YWJjMTIz
>
> dn: cn=demo,ou=Groups,dc=example,dc=com
> cn: demo
> member: cn=demo,ou=Users,dc=example,dc=com
> member: cn=yasith,ou=Users,dc=example,dc=com
> objectClass: groupOfNames
>
>
> dn: cn=Member,ou=Roles,dc=example,dc=com
> cn: member
> description: Role associated with openstack users
> objectClass: organizationalRole
> roleOccupant: cn=demo,ou=Users,dc=example,dc=com
>
>
>
>
>
> ######### Keystone Config #######################################
>
>
> [ldap]
> url = ldap://10.100.0.10 <http://10.100.0.10>
> tree_dn = dc=example,dc=com
> user_tree_dn = ou=Users,dc=example,dc=com
> role_tree_dn = ou=Roles,dc=example,dc=com
> tenant_tree_dn = ou=Groups,dc=example,dc=com
> user = cn=admin,dc=example,dc=com
> password = admin123
> suffix = cn=example,cn=com
>
> [identity]
> driver = keystone.identity.backends.ldap.Identity
>
>
> [catalog]
> driver = keystone.catalog.backends.sql.Catalog
>
> [token]
> driver = keystone.token.backends.sql.Token
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121211/dab6c816/attachment.html>
More information about the Openstack
mailing list