LDAP integration fails with "Minimum SSF not met."

Solution Verified - Updated -


When configuring keystone to authentication against an LDAP server with a minSSF value greater than 0, keystone fails to perform any authentication with this error:

# keystone user-list
Authorization Failed: An unexpected error prevented the server from fulfilling your request. {'info': 'Minimum SSF not met.', 'desc': 'Server is unwilling to perform'} (HTTP 500)


  • Red Hat Enterprise Linux OpenStack Platform 5
  • LDAP server with a "minssf" value greater than 0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In