OpenStack Identity (keystone)

user delete fails on LDAP when user has assigned roles

Bug #1115519 reported by Adam Young on 2013-02-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Undecided	Unassigned	OpenStack Identity (keystone) 2013.1 "grizzly"

See assigned patch:

Failuer is due to the delete loop in ldap/core.py

class UserAPI:
...
def delete(self, id):
...

for ref in self.role_api.list_project_roles_for_user(id):
self.role_api.rolegrant_delete(ref.id)

UserRoleAssignement does not have an id field.

Revision history for this message

Adam Young (ayoung) wrote on 2013-02-04:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-02-04: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/21145

Changed in keystone:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-02-05: Fix merged to keystone (master)

commit 74c3e879f4ae1e6ed0af26b13d082915335c4d0b
Author: Adam Young <email address hidden>
Date: Mon Feb 4 14:13:56 2013 -0500

Delete Roles for User and Project LDAP

Code was not including the attribute id for the member list

unit tests show that delete of user with roles assigned is broken for LDAP

Change-Id: Icfa7a4a970cb9db544c3c77af9531aae5c1f56b4

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-02-21

Thierry Carrez (ttx) on 2013-04-04

Changed in keystone:
milestone:	grizzly-3 → 2013.1

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.