yahoo-eng-team team mailing list archive

[Zhao Jian <jianzj@xxxxxxxxxx>]

Public bug reported:

Recently , I found a problem about creating domain when I set my
Identity driver to LDAP , and Resource driver to SQL(since I just found
resource driver for LDAP is still working on, could do more actions on
Domain resource).

I could not create a domain when identity driver is LDAP , and resource
driver is SQL,  but this use case could be done when identity driver is
SQL and resource driver is SQL.

I wonder if it is a design just like that , if so , could you help me to
some guide docs about this ?

Since checked with source code , I found it may be lead by code :
    path : ./keystone/identity/core.py
    def is_domain_aware(self):
        """Indicates if Driver supports domains."""
        return True

since SQL backend driver inherited the Driver , and "is_domain_aware()"
is true , but LDAP backend driver "is_domain_driver()" is False .

So , there is one explain in "./keystone/identity/core.py" : this method
"is_domain_driver()" is used to "Indicates if Driver supports domains."
,  and I checked with "./keystone/identity/backends/ldap.py" ,

class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
    DEFAULT_OU = 'ou=Users'
    DEFAULT_STRUCTURAL_CLASSES = ['person']
    DEFAULT_ID_ATTR = 'cn'
    DEFAULT_OBJECTCLASS = 'inetOrgPerson'
    NotFound = exception.UserNotFound
    options_name = 'user'
    attribute_options_names = {'password': 'pass',
                               'email': 'mail',
                               'name': 'name',
                               'enabled': 'enabled',
                               'default_project_id': 'default_project_id'}

there is no "domain_id" section , so that is why "is_domain_aware()" ?

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1481145

Title:
  Keystone could create domain when Identity driver is LDAP and Resource
  driver is SQL

Status in Keystone:
  New

Bug description:
  Recently , I found a problem about creating domain when I set my
  Identity driver to LDAP , and Resource driver to SQL(since I just
  found resource driver for LDAP is still working on, could do more
  actions on Domain resource).

  I could not create a domain when identity driver is LDAP , and
  resource driver is SQL,  but this use case could be done when identity
  driver is SQL and resource driver is SQL.

  I wonder if it is a design just like that , if so , could you help me
  to some guide docs about this ?

  Since checked with source code , I found it may be lead by code :
      path : ./keystone/identity/core.py
      def is_domain_aware(self):
          """Indicates if Driver supports domains."""
          return True

  since SQL backend driver inherited the Driver , and
  "is_domain_aware()" is true , but LDAP backend driver
  "is_domain_driver()" is False .

  So , there is one explain in "./keystone/identity/core.py" : this
  method "is_domain_driver()" is used to "Indicates if Driver supports
  domains." ,  and I checked with "./keystone/identity/backends/ldap.py"
  ,

  class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
      DEFAULT_OU = 'ou=Users'
      DEFAULT_STRUCTURAL_CLASSES = ['person']
      DEFAULT_ID_ATTR = 'cn'
      DEFAULT_OBJECTCLASS = 'inetOrgPerson'
      NotFound = exception.UserNotFound
      options_name = 'user'
      attribute_options_names = {'password': 'pass',
                                 'email': 'mail',
                                 'name': 'name',
                                 'enabled': 'enabled',
                                 'default_project_id': 'default_project_id'}

  there is no "domain_id" section , so that is why "is_domain_aware()" ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1481145/+subscriptions