user to nonlocal_user should be a 1 to 1 table relationship
Bug #1649412 reported by
Ron De Rose
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Low
|
Ron De Rose | ||
Bug Description
The 'nonlocal_user' table shadows LDAP or custom identity driver users. Currently, the 'user' to 'nonlocal_user' table relationship is 1 to many. However, this is inaccurate. For example, there shouldn't be a user with multiple usernames from a single domain; keystone doesn't support that. A user belongs to a domain and has a single username.
| Changed in keystone: | |
| assignee: | nobody → Ron De Rose (ronald-de-rose) |
| importance: | Undecided → Low |
| Changed in keystone: | |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #1 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
| Changed in keystone: | |
| milestone: | none → ocata-3 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/keystone 11.0.0.0b3 | #2 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit e3f55e7b54250f4
Author: Ronald De Rose <email address hidden>
Date: Mon Dec 12 21:46:27 2016 +0000
Make user to nonlocal_user a 1:1 relationship
The table relationship between 'user' and 'nonlocal_user' should be
1 to 1, which is consistent with 'user' to 'local_user'. However, it's
mistakenly 1 to many. In fact, the backend code treats 'user' to
'nonlocal_user' as 1:1 and wouldn't allow duplicates, so this will have
zero impact on existing deployments. This patch fixes this by making the
user_id column unique.
Closes-Bug: #1649412
Partially-
Change-Id: Ib371df18f3fb2c