Pulling images from Red Hat Quay fails with ldap.UNWILLING_TO_PERFORM error

Solution Verified - Updated -

Issue

  • Pulling images from Red Hat Quay fails with the invalid status code from registry 500 (Internal Server Error) error:

  • ldap.UNWILLING_TO_PERFORM error when pulling an image from Quay registry:

    2024-12-29T06:19:05.249534119Z gunicorn-registry stdout | 2024-12-29 06:19:05,248 [297] [ERROR] [gunicorn.error] Error handling request /v2/auth?account=username&scope=repository%3Anamespace%2Frepository%3Apull&service=registry.example.com
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout | Traceback (most recent call last):
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/gunicorn/workers/base_async.py", line 55, in handle
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     self.handle_request(listener_name, req, client, addr)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/gunicorn/workers/ggevent.py", line 127, in handle_request
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     super().handle_request(listener_name, req, sock, addr)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/gunicorn/workers/base_async.py", line 108, in handle_request
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     respiter = self.wsgi(environ, resp.start_response)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 2463, in __call__
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     return self.wsgi_app(environ, start_response)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/werkzeug/middleware/proxy_fix.py", line 169, in __call__
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     return self.app(environ, start_response)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 2449, in wsgi_app
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     response = self.handle_exception(e)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 1866, in handle_exception
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     reraise(exc_type, exc_value, tb)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/_compat.py", line 39, in reraise
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     raise value
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 2446, in wsgi_app
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     response = self.full_dispatch_request()
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 1951, in full_dispatch_request
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     rv = self.handle_user_exception(e)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 1820, in handle_user_exception
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     reraise(exc_type, exc_value, tb)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/_compat.py", line 39, in reraise
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     raise value
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 1949, in full_dispatch_request
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     rv = self.dispatch_request()
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 1935, in dispatch_request
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     return self.view_functions[rule.endpoint](**req.view_args)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/quay-registry/auth/decorators.py", line 41, in wrapper
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     result = handler(auth_header)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/quay-registry/auth/basic.py", line 43, in validate_basic_auth
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     result, _ = validate_credentials(auth_username, auth_password_or_token)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/quay-registry/auth/credentials.py", line 98, in validate_credentials
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     (authenticated, err) = authentication.verify_and_link_user(
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/quay-registry/data/users/__init__.py", line 329, in verify_and_link_user
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     (result, err_msg) = self.state.verify_and_link_user(username_or_email, password)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/quay-registry/data/users/federated.py", line 83, in verify_and_link_user
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     (credentials, err_msg) = self.verify_credentials(username_or_email, password)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/quay-registry/data/users/externalldap.py", line 447, in verify_credentials
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     with LDAPConnection(self._ldap_uri, found_dn, password, self._allow_tls_fallback):
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/quay-registry/data/users/externalldap.py", line 89, in __enter__
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     self._conn.simple_bind_s(self._user_dn, self._user_pw)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/ldap/ldapobject.py", line 249, in simple_bind_s
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/ldap/ldapobject.py", line 543, in result3
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/ldap/ldapobject.py", line 553, in result4
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |   File "/app/lib/python3.9/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout |     result = func(*args,**kwargs)
2024-12-29T06:19:05.249534119Z gunicorn-registry stdout | ldap.UNWILLING_TO_PERFORM: {'msgtype': 97, 'msgid': 1, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': [], 'info': 'Too many failed logins.\n'}

Environment

  • Red Hat Quay (Quay)
    • 3
  • Red Hat OpenShift Container Platform (RHOCP)
    • 4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content