OpenStack Identity (keystone)

  1. Bug #1262360
  2. Comment #10

Comment 10 for bug 1262360

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/116858
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0da55a921f4bac227a743be991705986294e94de
Submitter: Jenkins
Branch: master

commit 0da55a921f4bac227a743be991705986294e94de
Author: Alexey Miroshkin <email address hidden>
Date: Tue Aug 26 15:34:22 2014 +0400

    Prevent domains creation for the default LDAP+SQL

    This patch is supposed to fix the bug 'Unable to delete domain if user
    from other domain was added', but because of the recent changes this
    should be done by configuring domain-specifc LDAPs. However the original
    scenario must not be reproducible.

    The rule is that if you have the standard LDAP driver for identity
    (without configuring domain-specifc LDAPs), then you can really only
    have the default domain. However currently it's possible to create
    domains with the folowing configuration:

    [identity]
    driver = keystone.identity.backends.ldap.Identity
    [assignment]
    driver = keystone.assignment.backends.sql.Assignment

    At the same time such new domains can not be updated nor deleted. This
    fix prevents new domains creation for such configuration.

    Also this fix adds an additional test to MultiLDAPandSQLIdentity to make
    sure that the original bug has gone.

    Closes-Bug: #1262360

    Change-Id: I3baee40f74cefaae601aea34e75630cc618ac31a