Adding a user to a domain fails with ldap identity and sql assignment driver
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Won't Fix | Undecided | Unassigned | |
Bug Description
1) Following is the configuration in keystone.conf. Domain-specific drivers are not enabled.
[assignment]
driver = keystone.
[identity]
driver = keystone.
1) Create a domain using curl.
curl -k -sX POST -H "X-Auth-
2) Check if the domain is created. Indeed it's there.
curl -k -sX GET -H "X-Auth-
{"domain": {"links": {"self": "https:/
3) Try creating a user in this domain
curl -k -sX POST -H "X-Auth-
The problem is this function in file /usr/lib/
def create_user(self, user_id, user_ref):
    user = user_ref.copy()
    # For creating a user, the domain is in the object itself
    domain_id = user_ref[
    driver = self._select_
    if not driver.
        user = self._clear_
    ref = driver.
    if not driver.
        ref = self._set_
    return ref
def _clear_
    # Clear the domain_id, and then check to ensure that if this
    # was not the default domain, it is being handled by its own
    # backend driver.
    ref = ref.copy()
    domain_id = ref.pop(
    if (domain_id != CONF.identity.
    return ref
AFAIK, LDAP backend doesn't support domains (doesn't store the domain reference), that's why everything stored there needs to point to the "default" domain (you can check the "gets" methods, where everything is retrieved and a reference to the default domain is added).
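
The behaviour discussed in this report, as an added stand-alone model that is not keystone's code: a backend that stores no domain reference, with a manager that strips the domain on write, re-attaches it on read, and refuses a non-default domain that has no backend of its own. All class and method names, the `"default"` domain id and the use of `PermissionError` are assumptions made for illustration.

```python
DEFAULT_DOMAIN_ID = "default"  # assumed id of the configured default domain


class DomainUnawareBackend:
    """Stand-in for an LDAP-style store that keeps no domain reference."""

    def __init__(self):
        self.users = {}

    def create_user(self, user_id, user):
        if "domain_id" in user:
            raise ValueError("this store has nowhere to keep a domain_id")
        self.users[user_id] = dict(user)
        return dict(user)

    def get_user(self, user_id):
        return dict(self.users[user_id])


class IdentityManager:
    def __init__(self, default_backend, domain_backends=None):
        self.default_backend = default_backend
        # domain_id -> backend; empty when domain-specific drivers are disabled
        self.domain_backends = domain_backends or {}

    def _select_backend(self, domain_id):
        return self.domain_backends.get(domain_id, self.default_backend)

    def _strip_domain_id(self, ref):
        ref = dict(ref)
        domain_id = ref.pop("domain_id", DEFAULT_DOMAIN_ID)
        # A non-default domain must be served by its own backend; otherwise
        # the user would silently land in the shared default-domain store.
        if domain_id != DEFAULT_DOMAIN_ID and domain_id not in self.domain_backends:
            raise PermissionError("domain %r has no backend of its own" % domain_id)
        return ref

    def create_user(self, user_id, user_ref):
        domain_id = user_ref["domain_id"]
        backend = self._select_backend(domain_id)
        ref = backend.create_user(user_id, self._strip_domain_id(user_ref))
        ref["domain_id"] = domain_id  # re-attach the domain on the way out
        return ref

    def get_user(self, user_id, domain_id=DEFAULT_DOMAIN_ID):
        ref = self._select_backend(domain_id).get_user(user_id)
        ref["domain_id"] = domain_id  # reads always report the serving domain
        return ref
```

Rejecting the write keeps users of a new domain out of the shared store, where every later read would report them as members of the default domain.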