I came in this morning unable to log in to Horizon with an LDAP account. This was all functional on Friday and no changes were made over the weekend. Now when someone tries to log in with an LDAP account (backed by AD) I get the below error.
Also, I can ping the AD server from the controller, I can "validate" the AD settings in the vSphere VIO client, and it will return objects. Just any actual logins fail. I can still log with the "local" admin account. Of course this happens the week I have to demo the system...
2018-04-30 15:11:36.413 24362 DEBUG keystone.common.ldap.core [req-96fdc559-40e8-4adb-b0c7-2957c55cef7c - - - - -] LDAP init: url=ldaps://ad.server.com:636 _common_ldap_initialization /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:579
2018-04-30 15:11:36.414 24362 DEBUG keystone.common.ldap.core [req-96fdc559-40e8-4adb-b0c7-2957c55cef7c - - - - -] LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=/etc/keystone/ssl/certs/ tls_req_cert=2 tls_avail=1 _common_ldap_initialization /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:583
2018-04-30 15:11:36.415 24362 DEBUG keystone.common.ldap.core [req-96fdc559-40e8-4adb-b0c7-2957c55cef7c - - - - -] LDAP bind: who=ldapquery@domain simple_bind_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:903
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi [req-96fdc559-40e8-4adb-b0c7-2957c55cef7c - - - - -] {'info': '(unknown error code)', 'desc': "Can't contact LDAP server"}
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi Traceback (most recent call last):
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 249, in __call__
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi result = method(context, **params)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 396, in authenticate_for_token
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi self.authenticate(context, auth_info, auth_context)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 520, in authenticate
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi auth_context)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/password.py", line 30, in authenticate
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi user_info = auth_plugins.UserAuthInfo.create(auth_payload, METHOD_NAME)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/core.py", line 107, in create
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi user_auth_info._validate_and_normalize_auth_data(auth_payload)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/core.py", line 196, in _validate_and_normalize_auth_data
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi auth_payload)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/core.py", line 173, in _validate_and_normalize_auth_data
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi user_name, domain_ref['id'])
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 124, in wrapped
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 433, in wrapper
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 443, in wrapper
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in decorate
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi should_cache_fn)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in get_or_create
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi async_creator) as value:
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in __enter__
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi return self._enter()
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in _enter
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi generated = self._enter_create(createdtime)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in _enter_create
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi created = self.creator()
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in gen_value
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi created_value = creator()
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in creator
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi return fn(*arg, **kw)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 902, in get_user_by_name
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi ref = driver.get_user_by_name(user_name, domain_id)
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 90, in get_user_by_name
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi return self.user.filter_attributes(self.user.get_by_name(user_name))
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1532, in get_by_name
2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi res = self.get_all(query)
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1934, in get_all
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi return super(EnabledEmuMixIn, self).get_all(ldap_filter, hints)
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1541, in get_all
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi for x in self._ldap_get_all(hints, ldap_filter)]
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/driver_hints.py", line 42, in wrapper
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi return f(self, hints, *args, **kwargs)
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1497, in _ldap_get_all
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi with self.get_connection() as conn:
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1291, in get_connection
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi conn.simple_bind_s(user, password)
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 908, in simple_bind_s
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi clientctrls=clientctrls)
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 757, in simple_bind_s
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi with self._get_pool_connection() as conn:
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi return self.gen.next()
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/ldappool/__init__.py", line 291, in connection
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi conn = self._get_connection(bind, passwd)
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/ldappool/__init__.py", line 244, in _get_connection
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi conn = self._create_connector(bind, passwd)
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/ldappool/__init__.py", line 224, in _create_connector
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi raise BackendError(str(exc), backend=conn)
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi BackendError: {'info': '(unknown error code)', 'desc': "Can't contact LDAP server"}
2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi
I was able to solve this by re-configuring VIO the same LDAP configuration settings again and the connection was restored. I don't know why though.
I was able to solve this by re-configuring VIO the same LDAP configuration settings again and the connection was restored. I don't know why though.