This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1286786 - Keystone v3 user/tenant lookup by name via OpenStack CLI client fails
Keystone v3 user/tenant lookup by name via OpenStack CLI client fails
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
high Severity urgent
: async
: 7.0 (Kilo)
Assigned To: Adam Young
Mike Abrams
: Triaged, ZStream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-30 13:00 EST by Pablo Caruana
Modified: 2016-04-26 16:54 EDT (History)
6 users (show)

See Also:
Fixed In Version: openstack-keystone-2015.1.2-2.el7ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-21 12:01:22 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1454309 None None None Never
OpenStack gerrit 184622 None None None Never

  None (edit)
Description Pablo Caruana 2015-11-30 13:00:55 EST
Description of problem:

When using the openstack CLI client to look up users/tenants by name (e.g., openstack user show admin or openstack openstack project show AdminTenant), it fails with a 500 and the following traceback:

2015-11-30 08:04:50.333 25102 DEBUG keystone.common.controller [-] RBAC: Authorization granted wrapper /usr/lib/python2.7/site-packages/keystone/common/controller.py:203
2015-11-30 08:04:50.333 25102 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://ad.example.com _common_ldap_initialization /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:576
2015-11-30 08:04:50.333 25102 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1 _common_ldap_initialization /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:580
2015-11-30 08:04:50.333 25102 DEBUG keystone.common.ldap.core [-] LDAP bind: who=adm_vmdeploy@ad.example.com  simple_bind_s /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:896
2015-11-30 08:04:50.357 25102 DEBUG keystone.common.ldap.core [-] LDAP search: base=OU=BusinessUnits,DC=ad,DC=example.com,DC=pri scope=2 filterstr=(&(&None(cn=35842))(objectClass=person)) attrs=['', 'userAccountControl', 'cn', 'mail'] attrsonly=0 search_s /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:931
2015-11-30 08:04:50.357 25102 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:904
2015-11-30 08:04:50.357 25102 ERROR keystone.common.wsgi [-] {'desc': 'Bad search filter'}
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi Traceback (most recent call last):
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 239, in __call__
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     result = method(context, **params)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 206, in wrapper
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return f(self, context, filters, **kwargs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/controllers.py", line 223, in list_users
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     hints=hints)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 52, in wrapper
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return f(self, *args, **kwargs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 342, in wrapper
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return f(self, *args, **kwargs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 353, in wrapper
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return f(self, *args, **kwargs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/core.py", line 791, in list_users
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     ref_list = driver.list_users(hints)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap.py", line 82, in list_users
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return self.user.get_all_filtered(hints)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap.py", line 269, in get_all_filtered
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return [self.filter_attributes(user) for user in self.get_all(query)]
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 1869, in get_all
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return super(EnabledEmuMixIn, self).get_all(ldap_filter)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 1505, in get_all
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     for x in self._ldap_get_all(ldap_filter)]
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 1467, in _ldap_get_all
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     attrs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 944, in search_s
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     attrlist_utf8, attrsonly)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 640, in wrapper
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return func(self, conn, *args, **kwargs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 770, in search_s
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     attrsonly)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 552, in search_s
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 876, in search_ext_s
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in _apply_method_s
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     return func(self,*args,**kwargs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 545, in search_ext_s
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 541, in search_ext
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     timeout,sizelimit,
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi     result = func(*args,**kwargs)
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi FILTER_ERROR: {'desc': 'Bad search filter'}
2015-11-30 08:04:50.357 25102 TRACE keystone.common.wsgi
2015-11-30 08:04:50.360 25102 INFO eventlet.wsgi.server [-] 10.239.152.105 - - [30/Nov/2015 08:04:50] "GET /v3/users?domain_id=09eb9e5e089943388d376a9df86b6197&name=35842 HTTP/1.1" 500 459 0.035700
Version-Release number of selected component (if applicable):

Keystone 2015.1.1  what comes within the osp 7.1 overcloud full image

How reproducible:

[stack@rhos ~(keystone_v3_admin)]$ openstack user show --domain AD 35842
ERROR: openstack An unexpected error prevented the server from fulfilling your request: {'desc': 'Bad search filter'} (Disable debug mode to suppress these details.) (HTTP 500) (Request-ID: req-415f93a6-1b57-44c7-a289-9913a59c7ebc)
[stack@rhos ~(keystone_v3_admin)]$


When manually applying the source change https://git.openstack.org/cgit/openstack/keystone/commit/?id=2c6db4a3bb9e1718744b0e5b03af050fd2866182 as described in the Upstream bugtracker https://bugs.launchpad.net/keystone/+bug/1454309 this issue goes away
Comment 11 errata-xmlrpc 2015-12-21 12:01:22 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:2682

Note You need to log in before you can comment on or make changes to this bug.