OpenStack Identity (keystone)

ldap backend fails to work with enabled attributes on domains and groups

Bug #1157727 reported by Allan Feid
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Undecided
Dolph Mathews
OpenStack Identity (keystone) 2013.1 "grizzly"

Bug Description

I started working on a separate bug and attempted to run the live ldap tests:

PYTHONPATH=. ./run_tests.sh --nologcapture _ldap_livetest:LiveLDAPIdentity.test_add_duplicate_role_grant
test_add_duplicate_role_grant (_ldap_livetest.LiveLDAPIdentity) ... ERROR

======================================================================
ERROR: test_add_duplicate_role_grant (_ldap_livetest.LiveLDAPIdentity)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/allan/repos/devstack/stack/keystone/tests/test_backend_ldap.py", line 52, in setUp
    self.load_fixtures(default_fixtures)
  File "/Users/allan/repos/devstack/stack/keystone/keystone/test.py", line 247, in load_fixtures
    rv = self.identity_api.create_domain(domain['id'], domain)
  File "/Users/allan/repos/devstack/stack/keystone/keystone/identity/backends/ldap/core.py", line 275, in create_domain
    return self.domain.create(domain)
  File "/Users/allan/repos/devstack/stack/keystone/keystone/identity/backends/ldap/core.py", line 968, in create
    return super(DomainApi, self).create(data)
  File "/Users/allan/repos/devstack/stack/keystone/keystone/common/ldap/core.py", line 256, in create
    conn.add_s(self._id_to_dn(values['id']), attrs)
  File "/Users/allan/repos/devstack/stack/keystone/keystone/common/ldap/core.py", line 384, in add_s
    return self.conn.add_s(dn, ldap_attrs)
  File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 194, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 422, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 426, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 432, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
UNDEFINED_TYPE: {'info': 'enabled: attribute type undefined', 'desc': 'Undefined attribute type'}

----------------------------------------------------------------------
Ran 1 test in 0.088s

FAILED (errors=1)

This is the same problem that was solved in earlier changes via enabled emulation. The tenant and user objects both take this into account. A workaround to get live ldap tests running is to simply ignore the enabled attributes in your backend_liveldap.conf:

domain_attribute_ignore = enabled
group_attribute_ignore = enabled

See original description
Allan Feid (crayz)
description: updated
Sahdev Zala (spzala)
Changed in keystone:
assignee: nobody → Sahdev Zala (spzala)
Revision history for this message
Brad Topol (btopol) wrote :

 So here is what is happening. Ideally you should be able to use enabled_emulation for Group and Domains but those classes did not include the emulation mixin class so right now you cannot use enabled_emulation for Group and Domains. the work around is to use the ignore attribute for these and then the test will work. Hmm not sure this is worth blocking a release since there is a work-around. Sahdev is working on a patch

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/24936

Changed in keystone:
status: New → In Progress
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Sahdev Zala (spzala) → Dolph Mathews (dolph)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/24936
Committed: http://github.com/openstack/keystone/commit/53450e29f12a1c1e01c40e79ecdea1be3514b1bf
Submitter: Jenkins
Branch: master

commit 53450e29f12a1c1e01c40e79ecdea1be3514b1bf
Author: Sahdev Zala <email address hidden>
Date: Wed Mar 20 16:47:42 2013 -0500

    Enable emulation for domains

    Fixes bug #1157727

    Change-Id: I3760469b8000cfc5fb461bb9ede5d0e140413dd7

Changed in keystone:
status: In Progress → Fix Committed
Revision history for this message
Sahdev Zala (spzala) wrote :

Hi Dolph, I had the latest master on my system before I made commit so not sure why jenkins complained about "unable to be automatically merge..... with patch1" but thank you much for the patch2 and getting this into the build.

I read your question about groups, and I did verify before code commit that changes pass the full test. Thanks!

Revision history for this message
Dolph Mathews (dolph) wrote : Re: [Bug 1157727] Re: ldap backend fails to work with enabled attributes on domains and groups
Download full text (4.0 KiB)

No worries, the patch you conflicted with was actually mine, and went in
just a few minutes ahead of yours, so I was happy to resolve it.

-Dolph

On Wed, Mar 20, 2013 at 8:40 PM, Sahdev Zala <email address hidden> wrote:

> Hi Dolph, I had the latest master on my system before I made commit so
> not sure why jenkins complained about "unable to be automatically
> merge..... with patch1" but thank you much for the patch2 and getting
> this into the build.
>
> I read your question about groups, and I did verify before code commit
> that changes pass the full test. Thanks!
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1157727
>
> Title:
> ldap backend fails to work with enabled attributes on domains and
> groups
>
> Status in OpenStack Identity (Keystone):
> Fix Committed
>
> Bug description:
> I started working on a separate bug and attempted to run the live ldap
> tests:
>
> PYTHONPATH=. ./run_tests.sh --nologcapture
> _ldap_livetest:LiveLDAPIdentity.test_add_duplicate_role_grant
> test_add_duplicate_role_grant (_ldap_livetest.LiveLDAPIdentity) ... ERROR
>
> ======================================================================
> ERROR: test_add_duplicate_role_grant (_ldap_livetest.LiveLDAPIdentity)
> ----------------------------------------------------------------------
> Traceback (most recent call last):
> File
> "/Users/allan/repos/devstack/stack/keystone/tests/test_backend_ldap.py",
> line 52, in setUp
> self.load_fixtures(default_fixtures)
> File "/Users/allan/repos/devstack/stack/keystone/keystone/test.py",
> line 247, in load_fixtures
> rv = self.identity_api.create_domain(domain['id'], domain)
> File
> "/Users/allan/repos/devstack/stack/keystone/keystone/identity/backends/ldap/core.py",
> line 275, in create_domain
> return self.domain.create(domain)
> File
> "/Users/allan/repos/devstack/stack/keystone/keystone/identity/backends/ldap/core.py",
> line 968, in create
> return super(DomainApi, self).create(data)
> File
> "/Users/allan/repos/devstack/stack/keystone/keystone/common/ldap/core.py",
> line 256, in create
> conn.add_s(self._id_to_dn(values['id']), attrs)
> File
> "/Users/allan/repos/devstack/stack/keystone/keystone/common/ldap/core.py",
> line 384, in add_s
> return self.conn.add_s(dn, ldap_attrs)
> File
> "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py",
> line 194, in add_s
> return self.result(msgid,all=1,timeout=self.timeout)
> File
> "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py",
> line 422, in result
> res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
> File
> "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py",
> line 426, in result2
> res_type, res_data, res_msgid, srv_ctrls =
> self.result3(msgid,all,timeout)
> File
> "/Users/allan/repos/devstack/stack/keystone/.venv/lib/python2.7/site-packages/ldap/ldapobject.py",
> line 432, in result3
> ldap_result = self._ldap_call(self._l.r...

Read more...

Thierry Carrez (ttx)
Changed in keystone:
milestone: none → grizzly-rc1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: grizzly-rc1 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.