yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1483419] Re: Single Domain to Multi Domain assignments are lost

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Steve Martinelli <stevemar@xxxxxxxxxx>
Date: Tue, 02 Feb 2016 19:47:04 -0000
Reply-to: Bug 1483419 <1483419@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

this expired months ago, but didn't because it was attached to an
assignee

** Changed in: keystone
       Status: Incomplete => Won't Fix

** Changed in: keystone
     Assignee: Henry Nash (henry-nash) => (unassigned)

** Changed in: keystone
    Milestone: mitaka-3 => None

** Changed in: keystone
   Importance: High => Undecided

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1483419

Title:
  Single Domain to Multi Domain assignments are lost

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  When upgrading from a single domain LDAP environment to a multi domain
  LDAP environment all user role assignments are lost. The assignments'
  field actor_id is mapped to a user name in a single domain setup.
  When setting 'domain_specific_drivers_enabled=true' the actor_id field
  now maps to a new UUID which results in all existing users, including
  service users, losing their role assignments.  I was able to overcome
  this rather forcefully with this SQL query:

  INSERT IGNORE INTO assignment(actor_id, target_id, role_id) SELECT
  id_mapping.public_id, assignment.target_id, assignment.role_id FROM
  id_mapping INNER JOIN assignment on id_mapping.local_id =
  assignment.actor_id;

  Version Tested: 2014.2.4

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1483419/+subscriptions

References

[Bug 1483419] [NEW] Single Domain to Multi Domain assignments are lost
From: Paul Halmos, 2015-08-10