The Bind password is used when the object authentication configuration has expired

Refer to the following troubleshooting references and steps for resolving system errors when you use the Bind password and the object authentication configuration has expired.

Description

When the object protocol is configured with AD/LDAP authentication and the bind password is used for LDAP communication, the system displays the following error:

    [root@SSClusterNode3 ~]# openstack user list
    ERROR: openstack An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-d2ca694a-31e3-46cc-98b2-93556571aa7d) Authorization Failure. Authorization failed: An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-d6ccba54-baea-4a42-930e-e9576466de3c)

Cause

The system displays this error when the Bind password has been changed on the AD/LDAP server.

Proposed workaround

  1. Get the new password from the AD or LDAP server.
  2. Run the following command to update the password and restart Keystone on any protocol nodes:
    mmobj config change --ccrfile keystone.conf --section ldap --property password --value '<password>'
    Replace <password> with the new password that you obtained in step 1.

Note: This command restarts Keystone on any protocol nodes.
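The following added example is not part of the original procedure. It checks the new bind password against the directory with OpenLDAP's ldapwhoami before running the mmobj command from step 2, so that Keystone is not restarted with a wrong password. The function name, the LDAP URI, the bind DN and the password file path are assumptions.

```shell
# Added example, not IBM's code. Verify the new bind password with a test
# bind first, and only then write it to keystone.conf with mmobj.
#
# Arguments (all assumed, site-specific values):
#   $1  LDAP URI, e.g. ldap://ldap.example.test
#   $2  bind DN used by Keystone, e.g. cn=bind,dc=example,dc=test
#   $3  file that holds only the new password (create it with umask 077 and
#       printf '%s', because ldapwhoami -y uses the complete file contents,
#       including any trailing newline, as the password)
update_bind_password() {
    local uri="$1" bind_dn="$2" pw_file="$3"

    if [ ! -r "$pw_file" ]; then
        echo "cannot read password file: $pw_file" >&2
        return 2
    fi

    # Simple bind (-x) as the Keystone bind DN, password taken from the file.
    if ! ldapwhoami -x -H "$uri" -D "$bind_dn" -y "$pw_file" >/dev/null; then
        echo "test bind failed; keystone.conf left unchanged" >&2
        return 1
    fi

    # The bind succeeded: apply the password. This restarts Keystone on
    # the protocol nodes, as the procedure above notes.
    mmobj config change --ccrfile keystone.conf --section ldap \
        --property password --value "$(cat "$pw_file")"
}

# Run directly as: sh script.sh <ldap-uri> <bind-dn> <password-file>
if [ "$#" -eq 3 ]; then
    update_bind_password "$@"
fi
```

Delete the password file after the update completes.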