1 Reply Latest reply on Feb 5, 2019 8:12 AM by jet1981

    VIO5 LDAP Bind errors

    jet1981 Novice

      Ever since upgrading to VIO5 we have started having issues with authenticating users in keystone that is backed by AD. When a user tries to authenticate they will get either a "An error occurred authenticating. Please try again later." or "Unable to retrieve authorized projects." However, when they try again immediately, they will authenticate as normal. In the keystone logs are

       

      "LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection."

       

      On the AD side there are no errors for failed logins. Anyone have experience with this type of error?

       

      Thanks!

        • 1. Re: VIO5 LDAP Bind errors
          jet1981 Novice

          Just to close the loop, in case the someone else has this issue. The fixed ended up being to set

           

          chase_referrals = False

          in /etc/keystone/keystone.conf on both Openstack controllers. Either that or ensure that LDAP chaining is enabled on the Active Directory side.