Description of problem:
After configuring keystone with the ldap backend for Identity and the sql backend for Assignments, user authentication fails with a trace in the logs reporting KeyError on user_ref['name'] (providers/uuid.py)

2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 238, in __call__
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi     result = method(context, **params)
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 127, in authenticate
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi     auth_token_data, roles_ref=roles_ref, catalog_ref=catalog_ref)
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 44, in _wrapper
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi     return f(*args, **kw)
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/providers/uuid.py", line 364, in issue_v2_token
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi     token_ref, roles_ref, catalog_ref)
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/providers/uuid.py", line 59, in format_token
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi     'name': user_ref['name'],
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi KeyError: 'name'
2014-03-05 16:13:19.059 111440 TRACE keystone.common.wsgi

Version-Release number of selected component (if applicable):
openstack-keystone-2013.2.2-1.el6ost.noarch

Notes:
Issue was found using an active directory as ldap backend, in read-only mode, where user_id_attribute=cn and user_name_attribute=samaccountname
This is actually a Keystone bug, and it's not an invasive change. I have a patch out for review upstream. Once it is merged, we can work on getting it backported for Icehouse and RHEL OSP 5.0.
This has been merged upstream for stable/icehouse: https://review.openstack.org/#/c/89898/
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-0854.html