← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1408845] [NEW] Disabling user in ldap brakes user-list for project

 

Public bug reported:

Disabling user in ldap brakes user-list for project.

Step to reproduce.

* create a "testuser" user in ldap backend for keystone.
* check that user exist in user list.
* assign some role to this user in any test project.
* check that this user appear in keystone user-list --tenat_it=testtenantid
* disable this user in ldap or remove it from the group.
* the user will disappear from user list but the command keystone user-list --tenat_id=testtenantid will return "User "testuser" not found." error in api and in keystone error log.

The workaround is to remove  role for user from user_project_metadata
table in keystone database.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1408845

Title:
  Disabling user in ldap brakes user-list for project

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Disabling user in ldap brakes user-list for project.

  Step to reproduce.

  * create a "testuser" user in ldap backend for keystone.
  * check that user exist in user list.
  * assign some role to this user in any test project.
  * check that this user appear in keystone user-list --tenat_it=testtenantid
  * disable this user in ldap or remove it from the group.
  * the user will disappear from user list but the command keystone user-list --tenat_id=testtenantid will return "User "testuser" not found." error in api and in keystone error log.

  The workaround is to remove  role for user from user_project_metadata
  table in keystone database.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1408845/+subscriptions


Follow ups

References