Disabling user in ldap breaks user-list for project
Bug #1408845 reported by
Oleksii Aleksieiev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Disabling user in ldap brakes user-list for project.
Step to reproduce.
* create a "testuser" user in ldap backend for keystone.
* check that user exist in user list.
* assign some role to this user in any test project.
* check that this user appear in keystone user-list --tenant_
* disable this user in ldap or remove it from the group.
* the user will disappear from user list but the command keystone user-list --tenant_
The workaround is to remove role for user from user_project_
summary: |
- Disabling user in ldap brakes user-list for project + Disabling user in ldap breaks user-list for project |
description: | updated |
To post a comment you must log in.
I think we need more info here, like the actual server logs that indicate where the exception is happening. I tried to replicate this with devstack and i couldn't disable the user:
$ keystone user-update testo --enabled false 4376-498c- a7a7-47a45cfd9b 77)
Unable to update user: You are not authorized to perform the requested action: Disabling an entity where the 'enable' attribute is ignored by configuration. (Disable debug mode to suppress these details.) (HTTP 403) (Request-ID: req-327ab96c-