yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1848238] [NEW] cannot delete a ldap domain with groups

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sami Makki <smakki@xxxxxxxxxx>
Date: Tue, 15 Oct 2019 18:02:39 -0000
Reply-to: Bug 1848238 <1848238@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I setup a domain with domain-specific backends, and configured one with
ldap driver.

When I tried to delete the domain, I got an error message:

Failed to delete domain with name or ID
'1d97d0d6fdcd402fa058549d7f297b8b': LDAP does not support write
operations.

After some investigation ( thanks @cmurphy ), it turned out that there
was an exception raised during the group deletion, here:
https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L509

Removing groups made the deletion possible.

Dealing with this deletion the same way a user is deleted ( by checking
the backend type ) should fix it:
https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L519-L522

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1848238

Title:
  cannot delete a ldap domain with groups

Status in OpenStack Identity (keystone):
  New

Bug description:
  I setup a domain with domain-specific backends, and configured one
  with ldap driver.

  When I tried to delete the domain, I got an error message:

  Failed to delete domain with name or ID
  '1d97d0d6fdcd402fa058549d7f297b8b': LDAP does not support write
  operations.

  After some investigation ( thanks @cmurphy ), it turned out that there
  was an exception raised during the group deletion, here:
  https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L509

  Removing groups made the deletion possible.

  Dealing with this deletion the same way a user is deleted ( by
  checking the backend type ) should fix it:
  https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L519-L522

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1848238/+subscriptions

Follow ups

[Bug 1848238] Re: cannot delete a ldap domain with groups
From: OpenStack Infra, 2019-10-30