Multiple round trips for DNs

Unassigning due to inactivity.

Reviewed: https://review.openstack.org/47441
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=401294da9a7babdd6be5c7f19aef0e07811ba09e
Submitter: Jenkins
Branch: master

commit 401294da9a7babdd6be5c7f19aef0e07811ba09e
Author: Adam Young <email address hidden>
Date: Tue Feb 18 22:35:34 2014 -0800

    Reduce excess LDAP searches

    Many LDAP based calls are looking up user and group
    entries multiple times when it is not necessary.

    Converting from a user or group object to a DN requires
    a lookup which is wasteful. Instead, we add the DN to
    the object and filter it off before returning it to the
    end user.

    There were also search operations being performed before
    issuing modify operations in an attempt to check if the
    entry exists. The modify operations can just be attempted
    and we can check for an LDAP NO_SUCH_OBJECT exception
    instead. This reduces the number of search operations
    that we need to perform.

    The remove_user_from_group method in the SQL identity
    driver did not match the other drivers with regards to
    the exceptions it returns when the user or group does
    not exist. Since new tests were added to check these
    exceptions, the SQL driver was modified to match the
    behavior of the other drivers.

    The LDAP version of test_attribute_update is skipped as
    part of this patch as it was causing failures in the
    live_tests. It tests Blank values in a required field
    which is an error in LDAP.

    Closes-Bug: 1230260
    Co-Authored By: Nathan Kinder <email address hidden>

    Change-Id: I2b740412b6ca38dafceb29c6b35556b5869b1658