VMware Cloud Community
jet1981
Contributor
Contributor
Jump to solution

VIO5 LDAP Bind errors

Ever since upgrading to VIO5 we have started having issues with authenticating users in keystone that is backed by AD. When a user tries to authenticate they will get either a "An error occurred authenticating. Please try again later." or "Unable to retrieve authorized projects." However, when they try again immediately, they will authenticate as normal. In the keystone logs are

"LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection."

On the AD side there are no errors for failed logins. Anyone have experience with this type of error?

Thanks!

Reply
0 Kudos
1 Solution

Accepted Solutions
jet1981
Contributor
Contributor
Jump to solution

Just to close the loop, in case the someone else has this issue. The fixed ended up being to set

chase_referrals = False

in /etc/keystone/keystone.conf on both Openstack controllers. Either that or ensure that LDAP chaining is enabled on the Active Directory side.

View solution in original post

Reply
0 Kudos
1 Reply
jet1981
Contributor
Contributor
Jump to solution

Just to close the loop, in case the someone else has this issue. The fixed ended up being to set

chase_referrals = False

in /etc/keystone/keystone.conf on both Openstack controllers. Either that or ensure that LDAP chaining is enabled on the Active Directory side.

Reply
0 Kudos