yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #01739
[Bug 1157727] Re: ldap backend fails to work with enabled attributes on domains and groups
** Changed in: keystone
Status: Fix Committed => Fix Released
** Changed in: keystone
Milestone: None => grizzly-rc1
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1157727
Title:
ldap backend fails to work with enabled attributes on domains and
groups
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
I started working on a separate bug and attempted to run the live ldap
tests:
PYTHONPATH=. ./run_tests.sh --nologcapture _ldap_livetest:LiveLDAPIdentity.test_add_duplicate_role_grant
test_add_duplicate_role_grant (_ldap_livetest.LiveLDAPIdentity) ... ERROR
======================================================================
ERROR: test_add_duplicate_role_grant (_ldap_livetest.LiveLDAPIdentity)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/allan/repos/devstack/stack/keystone/tests/test_backend_ldap.py", line 52, in setUp
self.load_fixtures(default_fixtures)
File "/Users/allan/repos/devstack/stack/keystone/keystone/test.py", line 247, in load_fixtures
rv = self.identity_api.create_domain(domain['id'], domain)
File "/Users/allan/repos/devstack/stack/keystone/keystone/identity/backends/ldap/core.py", line 275, in create_domain
return self.domain.create(domain)
File "/Users/allan/repos/devstack/stack/keystone/keystone/identity/backends/ldap/core.py", line 968, in create
return super(DomainApi, self).create(data)
File "/Users/allan/repos/devstack/stack/keystone/keystone/common/ldap/core.py", line 256, in create
conn.add_s(self._id_to_dn(values['id']), attrs)
File "/Users/allan/repos/devstack/stack/keystone/keystone/common/ldap/core.py", line 384, in add_s
return self.conn.add_s(dn, ldap_attrs)
File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 194, in add_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 422, in result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 426, in result2
res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 432, in result3
ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
result = func(*args,**kwargs)
UNDEFINED_TYPE: {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'}
----------------------------------------------------------------------
Ran 1 test in 0.088s
FAILED (errors=1)
This is the same problem that was solved in earlier changes via
enabled emulation. The tenant and user objects both take this into
account. A workaround to get live ldap tests running is to simply
ignore the enabled attributes in your backend_liveldap.conf:
domain_attribute_ignore = enabled
group_attribute_ignore = enabled
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1157727/+subscriptions
