The LDAP server is not reachable

This topic provides troubleshooting references and steps for resolving system errors when you are trying to reach an LDAP server.

Description

When object authentication is configured with AD/LDAP and the user is trying to run the keystone commands, the system displays the following error:

[root@SSClusterNode3 ~]# openstack user list
ERROR: openstack An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-d3fe863e-da1f-4792-86cf-bd2f4b526023)

Cause

The system displays this error under one or all of the following conditions:
  • The LDAP server is not reachable due to network issues.
  • The LDAP server is not reachable because the system firewall is running.
  • The LDAP server has been shut down.
Note:

When the LDAP server is not reachable, the keystone logs can be viewed in the /var/log/keystone directory.

The following example is an LDAP error found in /var/log/keystone/keystone.log:

/var/log/keystone/keystone.log:2016-01-28 14:21:00.663 25720 TRACE keystone.common.wsgi result = func(*args,**kwargs)
2016-01-28 14:21:00.663 25720 TRACE keystone.common.wsgi SERVER_DOWN: {'desc': "Can't contact LDAP server"}.

Proposed workaround

  • Check your network settings.
  • Configure your firewall correctly.
  • Repair the LDAP server.
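
The following triage script is an added example, not part of the original topic or the product. It counts the SERVER_DOWN traces in a keystone log and probes the LDAP port to help tell the three causes apart. The function names, the sample log (its third line is constructed), and the default port 389 are assumptions; pass your own log path, LDAP host, and port.

```shell
#!/bin/sh
# Added example: triage for keystone "Can't contact LDAP server" errors.

# Constructed sample log: the first two lines follow the trace shown in this
# topic, the third is invented to give the summary a second event.
sample_log() {
    cat <<'EOF'
2016-01-28 14:21:00.663 25720 TRACE keystone.common.wsgi result = func(*args,**kwargs)
2016-01-28 14:21:00.663 25720 TRACE keystone.common.wsgi SERVER_DOWN: {'desc': "Can't contact LDAP server"}
2016-01-28 14:25:10.101 25720 TRACE keystone.common.wsgi SERVER_DOWN: {'desc': "Can't contact LDAP server"}
EOF
}

# Print "<count> <timestamp of latest event>" for SERVER_DOWN traces in a
# keystone log file, or "0 -" when the file contains none.
ldap_down_summary() {
    awk '/SERVER_DOWN/ && /contact LDAP server/ { n++; last = $1 " " $2 }
         END { printf "%d %s\n", n, (n ? last : "-") }' "$1"
}

# Attempt a TCP connection to the LDAP port and classify the result.
#   reachable : the port accepts connections; look at keystone's LDAP settings
#   timeout   : no answer at all; typical of a network fault or a firewall
#               that silently drops the packets
#   refused   : the connection failed immediately; typical of a stopped LDAP
#               server, a rejecting firewall rule, or an unresolvable host name
probe_ldap() {
    host=$1
    port=${2:-389}
    # Host and port are passed as arguments, never spliced into the command.
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null
    case $? in
        0)   echo reachable ;;
        124) echo timeout ;;
        *)   echo refused ;;
    esac
}

# Usage: script.sh <keystone log> <ldap host> [port]
if [ $# -ge 2 ]; then
    echo "SERVER_DOWN events: $(ldap_down_summary "$1")"
    echo "LDAP port probe:    $(probe_ldap "$2" "${3:-389}")"
fi
```

Run it on the node where keystone runs, because firewall and routing rules are evaluated per source host.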