Without this change, when an admin tries to delete an LDAP-backed
domain, it fails due to the foreign key relationship in the users table.
Previously, we were assuming that LDAP users existed solely in the LDAP
directory, but this is not true with shadow users. This patch fixes the
logic to delete the shadow users upon domain deletion.
Altered cherry-pick: use injected API provider since provider_api
mechanism doesn't exist in pike.
Change-Id: I12a08001e3aa08e4db9438cae425ad1a0a8070f7
Closes-bug: #1801873
(cherry picked from commit 1b16725d066f71a833ca74656c0c3dfe5f815e98)
Reviewed: https:/ /review. openstack. org/649378 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=d76a068d134 8da467cd1b5db51 8c7739ce9f7488
Committed: https:/
Submitter: Zuul
Branch: stable/pike
commit d76a068d1348da4 67cd1b5db518c77 39ce9f7488
Author: Colleen Murphy <email address hidden>
Date: Mon Mar 25 15:50:26 2019 +0100
Delete shadow users when domain is deleted
Without this change, when an admin tries to delete an LDAP-backed
domain, it fails due to the foreign key relationship in the users table.
Previously, we were assuming that LDAP users existed solely in the LDAP
directory, but this is not true with shadow users. This patch fixes the
logic to delete the shadow users upon domain deletion.
Altered cherry-pick: use injected API provider since provider_api
mechanism doesn't exist in pike.
Change-Id: I12a08001e3aa08 e4db9438cae425a d1a0a8070f7 833ca74656c0c3d fe5f815e98)
Closes-bug: #1801873
(cherry picked from commit 1b16725d066f71a