The Bind password is used when the object authentication configuration has expired

This topic provides troubleshooting references and steps for resolving system errors when you are using the Bind password and the object authentication configuration has expired.

Description

When object is configured with the AD/LDAP authentication and the bind password is being used for LDAP communication, the system displays the following error:

[root@SSClusterNode3 ~]# openstack user list ERROR: openstack An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-d2ca694a-31e3-46cc-98b2-93556571aa7d) Authorization Failure. Authorization failed: An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-d6ccba54-baea-4a42-930e-e9576466de3c)

Cause

The system displays this error when the Bind password has been changed on the AD/LDAP server.

Proposed workaround

  1. Obtain the new password from the AD/LDAP server.
  2. Run the following command to restart keystone on all protocol nodes: mmobj config change --ccrfile keystone.conf --section ldap --property password --value <password> where password is the new password obtained in Step 1.

Note: This command restarts Keystone on all protocol nodes.
Parent topic: Object issues