
yahoo-eng-team team mailing list archive

[Bug 1848238] Re: cannot delete a ldap domain with groups

 

Reviewed:  https://review.opendev.org/688939
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=d6977a0e9b3ed8ae80527d6f6ace67b687b46c60
Submitter: Zuul
Branch:    master

commit d6977a0e9b3ed8ae80527d6f6ace67b687b46c60
Author: Sami MAKKI <mail@xxxxxxxxxxxx>
Date:   Wed Oct 16 16:10:15 2019 +0200

    Remove group deletion for non-sql driver when removing domains.
    
    As LDAP is now read-only, trying to remove it was throwing an error.
    We now only try to delete it when the driver is sql-based.
    
    Change-Id: I15b92b35b31d0e5d735a629e7c154ddd7bdda03d
    Closes-bug: #1848238


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1848238

Title:
  cannot delete a ldap domain with groups

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  I set up a domain with domain-specific backends, and configured one
  with ldap driver.

  When I tried to delete the domain, I got an error message:

  Failed to delete domain with name or ID
  '1d97d0d6fdcd402fa058549d7f297b8b': LDAP does not support write
  operations.

  After some investigation (thanks @cmurphy), it turned out that there
  was an exception raised during the group deletion, here:
  https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L509

  Removing groups made the deletion possible.

  Dealing with this deletion the same way a user is deleted (by
  checking the backend type) should fix it:
  https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L519-L522

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1848238/+subscriptions
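
The failure and the fix described in this notification, as an added sketch that is not Keystone's code and not part of the original report: a domain delete that cascades to group deletion fails on a read-only LDAP backend unless the cleanup first checks the backend type. All class and function names, the `is_sql` flag and the sample data are assumptions made for illustration.

```python
# Simplified model; every class and function name here is hypothetical.
class ReadOnlyBackendError(Exception):
    """Stand-in for the error quoted in the bug description."""

class SqlDriver:
    is_sql = True  # assumed flag for "this backend accepts writes"

    def __init__(self, groups):
        self.groups = dict(groups)  # group_id -> domain_id

    def list_groups(self, domain_id):
        return [g for g, d in self.groups.items() if d == domain_id]

    def delete_group(self, group_id):
        del self.groups[group_id]

class LdapDriver(SqlDriver):
    is_sql = False

    def delete_group(self, group_id):
        raise ReadOnlyBackendError("LDAP does not support write operations.")

def cleanup_unguarded(driver, domain_id):
    # Reported behaviour: group deletion is attempted on any backend.
    for group_id in driver.list_groups(domain_id):
        driver.delete_group(group_id)

def cleanup_guarded(driver, domain_id):
    # Fixed behaviour as the commit message describes it: only the
    # SQL-backed driver is asked to delete groups.
    if driver.is_sql:
        cleanup_unguarded(driver, domain_id)

def delete_domain(driver, domain_id, cleanup):
    """Return 'deleted' or the failure message the caller would see."""
    try:
        cleanup(driver, domain_id)
    except ReadOnlyBackendError as exc:
        return f"Failed to delete domain '{domain_id}': {exc}"
    return "deleted"

# Constructed sample data: two groups in domain "d1", one in "d2".
SAMPLE = {"g1": "d1", "g2": "d1", "g3": "d2"}

if __name__ == "__main__":
    for cleanup in (cleanup_unguarded, cleanup_guarded):
        for driver in (SqlDriver(SAMPLE), LdapDriver(SAMPLE)):
            print(cleanup.__name__, type(driver).__name__,
                  delete_domain(driver, "d1", cleanup))
```

In the guarded case the LDAP groups are left untouched in the directory, which is what a read-only identity backend requires.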

