1 Reply Latest reply on Apr 30, 2018 1:22 PM by jet81

    VIO 3.1 - Can't contact LDAP

    jet81 Lurker

      I came in this morning unable to log in to Horizon with an LDAP account. This was all functional on Friday and no changes were made over the weekend. Now when someone tries to log in with an LDAP account (backed by AD) I get the below error.

       

      Also, I can ping the AD server from the controller, I can "validate" the AD settings in the vSphere VIO client, and it will return objects. Just any actual logins fail. I can still log with the "local" admin account. Of course this happens the week I have to demo the system...

       

      2018-04-30 15:11:36.413 24362 DEBUG keystone.common.ldap.core [req-96fdc559-40e8-4adb-b0c7-2957c55cef7c - - - - -] LDAP init: url=ldaps://ad.server.com:636 _common_ldap_initialization /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:579

      2018-04-30 15:11:36.414 24362 DEBUG keystone.common.ldap.core [req-96fdc559-40e8-4adb-b0c7-2957c55cef7c - - - - -] LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=/etc/keystone/ssl/certs/ tls_req_cert=2 tls_avail=1 _common_ldap_initialization /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:583

      2018-04-30 15:11:36.415 24362 DEBUG keystone.common.ldap.core [req-96fdc559-40e8-4adb-b0c7-2957c55cef7c - - - - -] LDAP bind: who=ldapquery@domain simple_bind_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:903

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi [req-96fdc559-40e8-4adb-b0c7-2957c55cef7c - - - - -] {'info': '(unknown error code)', 'desc': "Can't contact LDAP server"}

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi Traceback (most recent call last):

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 249, in __call__

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     result = method(context, **params)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 396, in authenticate_for_token

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     self.authenticate(context, auth_info, auth_context)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 520, in authenticate

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     auth_context)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/password.py", line 30, in authenticate

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     user_info = auth_plugins.UserAuthInfo.create(auth_payload, METHOD_NAME)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/core.py", line 107, in create

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     user_auth_info._validate_and_normalize_auth_data(auth_payload)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/core.py", line 196, in _validate_and_normalize_auth_data

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     auth_payload)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/core.py", line 173, in _validate_and_normalize_auth_data

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     user_name, domain_ref['id'])

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 124, in wrapped

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     __ret_val = __f(*args, **kwargs)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 433, in wrapper

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     return f(self, *args, **kwargs)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 443, in wrapper

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     return f(self, *args, **kwargs)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in decorate

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     should_cache_fn)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in get_or_create

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     async_creator) as value:

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in __enter__

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     return self._enter()

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in _enter

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     generated = self._enter_create(createdtime)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in _enter_create

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     created = self.creator()

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in gen_value

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     created_value = creator()

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in creator

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     return fn(*arg, **kw)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 902, in get_user_by_name

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     ref = driver.get_user_by_name(user_name, domain_id)

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 90, in get_user_by_name

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     return self.user.filter_attributes(self.user.get_by_name(user_name))

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1532, in get_by_name

      2018-04-30 15:11:38.112 24362 ERROR keystone.common.wsgi     res = self.get_all(query)

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1934, in get_all

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     return super(EnabledEmuMixIn, self).get_all(ldap_filter, hints)

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1541, in get_all

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     for x in self._ldap_get_all(hints, ldap_filter)]

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/driver_hints.py", line 42, in wrapper

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     return f(self, hints, *args, **kwargs)

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1497, in _ldap_get_all

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     with self.get_connection() as conn:

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1291, in get_connection

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     conn.simple_bind_s(user, password)

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 908, in simple_bind_s

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     clientctrls=clientctrls)

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 757, in simple_bind_s

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     with self._get_pool_connection() as conn:

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     return self.gen.next()

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/ldappool/__init__.py", line 291, in connection

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     conn = self._get_connection(bind, passwd)

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/ldappool/__init__.py", line 244, in _get_connection

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     conn = self._create_connector(bind, passwd)

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/ldappool/__init__.py", line 224, in _create_connector

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi     raise BackendError(str(exc), backend=conn)

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi BackendError: {'info': '(unknown error code)', 'desc': "Can't contact LDAP server"}

      2018-04-30 19:03:56.921 2393 ERROR keystone.common.wsgi