Description of problem: When LDAP is being used as a backend, attributes that are mapped to 'None' will trigger a 500 error if they are not also configured to be ignored. This can be easily reproduced by modifying the default config as follows: ------------------------------------------------------------- # List of attributes stripped off the user on update. (list # value) #user_attribute_ignore=default_project_id,tenants user_attribute_ignore=tenants # LDAP attribute mapped to default_project_id for users. # (string value) #user_default_project_id_attribute=<None> ------------------------------------------------------------- If you then perform a 'keystone user-list', it will trigger a 500 error: ------------------------------------------------------------- [root@keystone ~(keystone_admin)]# keystone user-list Authorization Failed: An unexpected error prevented the server from fulfilling your request. (HTTP 500) ------------------------------------------------------------- The end of the stacktrace in keystone.log clearly shows the problem: ------------------------------------------------------------- 2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 502, in _ldap_res_to_model 2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi v = lower_res[self.attribute_mapping.get(k, k).lower()] 2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi AttributeError: 'NoneType' object has no attribute 'lower' ------------------------------------------------------------- Additional info: nkinder's fix for this is merged upstream: https://bugs.launchpad.net/keystone/+bug/1335437 This bugzilla is for backport to RHEL-OSP5.
I've proposed this as an upstream backport to stable/icehouse: https://review.openstack.org/#/c/113744/
This has been merged upstream for stable/icehouse.
This was included in the upstream 2014.1.3 Icehouse release.
*** This bug has been marked as a duplicate of bug 1113534 ***