← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1993742] [NEW] Foreign key constraint fails with federated LDAP backed domain

 

Public bug reported:

We have an LDAP backed federated domain with OIDC via Okta.
Trying to login we see the below error.

CRITICAL keystone [req-f29ebb11-6626-4a70-99b8-966dd06f2409 - - - - -] Unhandled error: oslo_db.exception.DBReferenceError: (pymysql.err.IntegrityError) (1452, 'Cannot add or update a child row: a foreign key constraint fails (`keystone`.`expiring_user_group_membership`, CONSTRAINT `expiring_user_group_membership_ibfk_2` FOREIGN KEY (`group_id`) REFERENCES `group` (`id`))')
                                                                         [SQL: INSERT INTO expiring_user_group_membership (user_id, group_id, idp_id, last_verified) VALUES (%(user_id)s, %(group_id)s, %(idp_id)s, %(last_verified)s)]

Login works if we disable foreign key checks.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1993742

Title:
  Foreign key constraint fails with federated LDAP backed domain

Status in OpenStack Identity (keystone):
  New

Bug description:
  We have an LDAP backed federated domain with OIDC via Okta.
  Trying to login we see the below error.

  CRITICAL keystone [req-f29ebb11-6626-4a70-99b8-966dd06f2409 - - - - -] Unhandled error: oslo_db.exception.DBReferenceError: (pymysql.err.IntegrityError) (1452, 'Cannot add or update a child row: a foreign key constraint fails (`keystone`.`expiring_user_group_membership`, CONSTRAINT `expiring_user_group_membership_ibfk_2` FOREIGN KEY (`group_id`) REFERENCES `group` (`id`))')
                                                                           [SQL: INSERT INTO expiring_user_group_membership (user_id, group_id, idp_id, last_verified) VALUES (%(user_id)s, %(group_id)s, %(idp_id)s, %(last_verified)s)]

  Login works if we disable foreign key checks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1993742/+subscriptions