
yahoo-eng-team team mailing list archive

[Bug 1377840] Re: Keystone LDAP delete user -> you are not authorized to perform the requested action

 

Well, with the identity driver set to LDAP there are no user records in
Keystone - the LDAP driver basically retrieves the user list from the
LDAP server directly.  So there are "no users to remove without touching
LDAP".  As the error message says - you need to go to your LDAP server
to manage user accounts.

Please let us know if I have misunderstood the situation you describe.

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1377840

Title:
  Keystone LDAP delete user -> you are not authorized to perform the
  requested action

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  Running an Icehouse setup, keystone connected to LDAP (Microsoft's AD 2003), doing some house cleaning.
  Keystone user-list gave a list of users, noticed one old user I'd like to delete.

  Running below with admin user:
  # keystone user-delete user1 
  You are not authorized to perform the requested action, LDAP user delete. (HTTP 403)

  I didn't set up the LDAP connection myself, it's probably set to read only.
  How can I remove this user without touching LDAP user, is it even possible? 

  Suggest returning a more informative notification: 
   "Keystone configured with LDAP authentication, please use LDAP to manage user accounts."

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1377840/+subscriptions

