VIO ldap configuration fails with "filterstr=(&(&<no value>(userPrincipalName=" in keystone-api log
search cancel

VIO ldap configuration fails with "filterstr=(&(&<no value>(userPrincipalName=" in keystone-api log

book

Article ID: 321728

calendar_today

Updated On: 05-26-2020

Products

VMware VMware Integrated OpenStack

Issue/Introduction

Symptoms:
  • Using VMware Integrated Openstack 6.x
  • Openstack Deployment is stuck in state RECONFIGURING
  • keystone-api/0.log similar to this:
    ...filterstr=(&(&<no value>(userPrincipalName=vio_admin@mytest-labs.net))(objectClass=user)(cn=*)) attrs=['cn', 'userPassword', 'userAccountControl', 'userPrincipalName', 'mail', 'description'] attrsonly=0 search_s /usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py:949\x1b


Environment

VMware Integrated OpenStack 6.x

Cause

While configuring LDAP identity source in VIO6 the user or group filter field was left empty.

Resolution

This is a known issue affecting VMware Integrated Openstack 6.0.

Workaround:
  1. Edit keystone CR by running the command:
#viocli update keystone

Change 
user_filter: null
To

user_filter: ''


Additional Information

Configure LDAP Authentication