The LDAP server is not reachable
This topic provides troubleshooting references and steps for resolving system errors when you are trying to reach an LDAP server.
Description
When object authentication is configured with AD/LDAP and a user runs keystone commands, the system displays the following error:
[root@SSClusterNode3 ~]# openstack user list
ERROR: openstack An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-d3fe863e-da1f-4792-86cf-bd2f4b526023)
Cause
- The LDAP server is not reachable due to network issues.
- The LDAP server is not reachable because the system firewall is running.
- The LDAP server has been shut down.
When the LDAP server is not reachable, the keystone logs can be viewed in the /var/log/keystone directory.
The following example is an LDAP error found in /var/log/keystone/keystone.log:
/var/log/keystone/keystone.log:2016-01-28 14:21:00.663 25720 TRACE keystone.common.wsgi result = func(*args,**kwargs)
2016-01-28 14:21:00.663 25720 TRACE keystone.common.wsgi SERVER_DOWN: {'desc': "Can't contact LDAP server"}.
Proposed workaround
- Check your network settings.
- Configure your firewall correctly.
- Repair the LDAP server.
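To narrow down which of the causes listed above applies, the following added example (not part of the original topic) finds SERVER_DOWN traces in keystone.log text and classifies a single TCP connection attempt to the LDAP port. The function names, the third sample log line, and the default port 389 (the standard LDAP port; 636 for LDAPS) are assumptions; the LDAP host is supplied on the command line.

```python
import re
import socket
import sys

# Constructed sample: first two lines follow the keystone.log excerpt above,
# the third is an invented non-error line for contrast.
SAMPLE_LOG = """\
2016-01-28 14:21:00.663 25720 TRACE keystone.common.wsgi result = func(*args,**kwargs)
2016-01-28 14:21:00.663 25720 TRACE keystone.common.wsgi SERVER_DOWN: {'desc': "Can't contact LDAP server"}
2016-01-28 14:21:05.101 25720 INFO keystone.common.wsgi GET /v3/users
"""

# timestamp, pid, level, module, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (\d+) (\w+) (\S+) (.*)$")

def server_down_events(log_text):
    """Return (timestamp, pid) for every log line reporting SERVER_DOWN."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(5).startswith("SERVER_DOWN"):
            events.append((m.group(1), int(m.group(2))))
    return events

def probe(host, port=389, timeout=3.0):
    """Classify one TCP connection attempt to the LDAP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "reachable"    # TCP path is fine; look at the LDAP service or its configuration
    except socket.gaierror:
        return "dns"              # host name does not resolve: network settings
    except ConnectionRefusedError:
        return "refused"          # host answered, nothing accepted the connection:
                                  # LDAP service stopped, or a firewall rejecting
    except (socket.timeout, TimeoutError):
        return "timeout"          # no reply: packets dropped by a firewall, or host/path down
    except OSError:
        return "unreachable"      # no route to the host or network: network settings

if __name__ == "__main__":
    print(server_down_events(SAMPLE_LOG))
    if len(sys.argv) > 1:         # usage: script.py <ldap-host> [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
        print(probe(sys.argv[1], port))
```

Run the probe from the node that produced the HTTP 500, since firewall and routing results are specific to the source host.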