[LDAP Keystone]Fail to remove tenant even if all members are removed.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
New
|
Undecided
|
Adam Young |
Bug Description
Version:
I applied the latest LDAP codes by 09/21/2012 on keystone.
Operations:
Add tenant via GUI
Add a user to the tenant.
Remove user from the tenant
Remove tenant--Fail
Keystone log:
Traceback (most recent call last):
File "/usr/lib/
result = method(context, **params)
File "/usr/lib/
self.
File "/usr/lib/
return f(*args, **kw)
File "/usr/lib/
return self.tenant.
File "/usr/lib/
super(
File "/usr/lib/
conn.
File "/usr/lib/
return self.conn.
File "/usr/lib/
return self.delete_
File "/usr/lib/
return self.result(
File "/usr/lib/
res_
File "/usr/lib/
res_type, res_data, res_msgid, srv_ctrls = self.result3(
File "/usr/lib/
ldap_result = self._ldap_
File "/usr/lib/
result = func(*args,
NOT_ALLOWED_
(eventlet.
The error is because there are still Admin/Member role entries left in the Group or Tenant.
# c490cadbebb7440
mydomain.com
dn: cn=c490cadbebb7
=Groups,
objectClass: organizationalRole
roleOccupant: cn=dumb,
cn: c490cadbebb7440
Workaround: If the role entry is removed manually from ldap server. The group or tenant can be successfully removed.
adam - would you mind taking a look at this bug and seeing if you can repro?