This patch is supposed to fix the bug 'Unable to delete domain if user
from other domain was added', but because of the recent changes this
should be done by configuring domain-specifc LDAPs. However the original
scenario must not be reproducible.
The rule is that if you have the standard LDAP driver for identity
(without configuring domain-specifc LDAPs), then you can really only
have the default domain. However currently it's possible to create
domains with the folowing configuration:
Reviewed: https:/ /review. openstack. org/116858 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=0da55a921f4 bac227a743be991 705986294e94de
Committed: https:/
Submitter: Jenkins
Branch: master
commit 0da55a921f4bac2 27a743be9917059 86294e94de
Author: Alexey Miroshkin <email address hidden>
Date: Tue Aug 26 15:34:22 2014 +0400
Prevent domains creation for the default LDAP+SQL
This patch is supposed to fix the bug 'Unable to delete domain if user
from other domain was added', but because of the recent changes this
should be done by configuring domain-specifc LDAPs. However the original
scenario must not be reproducible.
The rule is that if you have the standard LDAP driver for identity
(without configuring domain-specifc LDAPs), then you can really only
have the default domain. However currently it's possible to create
domains with the folowing configuration:
[identity] identity. backends. ldap.Identity assignment. backends. sql.Assignment
driver = keystone.
[assignment]
driver = keystone.
At the same time such new domains can not be updated nor deleted. This
fix prevents new domains creation for such configuration.
Also this fix adds an additional test to MultiLDAPandSQL Identity to make
sure that the original bug has gone.
Closes-Bug: #1262360
Change-Id: I3baee40f74cefa ae601aea34e7563 0cc618ac31a