yahoo-eng-team team mailing list archive

[David Stanek <dstanek@xxxxxxxxxxx>]

LDAP is now read-only so this specific issue no longer applies. Please
re-open if you still have problems that are unrelated to writing.

** Changed in: keystone
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1373232

Title:
  The ldap driver needs to bubble up some ldap exceptions

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  LDAP driver can bubble up some exceptions as 400 errors.
  Example ldap.CONSTRAINT_VIOLATION and ldap.UNWILLING

      def update_user(self, user_id, user):
          self.user.check_allow_update()
          if 'id' in user and user['id'] != user_id:
              raise exception.ValidationError(_('Cannot change user ID'))
          old_obj = self.user.get(user_id)
          #Defect 118381, user name update in ldap should be allowed.
          #if 'name' in user and old_obj.get('name') != user['name']:
            #  raise exception.Conflict(_('Cannot change user name'))

          #user = utils.hash_ldap_user_password(user)
          if self.user.enabled_mask:
              self.user.mask_enabled_attribute(user)
          try:
                  self.user.update(user_id, user, old_obj)
          except ldap.CONSTRAINT_VIOLATION as e:
              if 'info' in e[0]:
                  raise  exception.ValidationError(e[0]['info'])
              else:
                  raise AssertionError(_('Error updating user'))
          return self.user.get_filtered(user_id)

  https://github.com/openstack/keystone/blob/1af24284bdc093dae4f027ade2ddb29656b676f0/keystone/identity/backends/ldap.py#L95-L111

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1373232/+subscriptions