cannot delete a ldap domain with groups

Bug #1848238 reported by Sami Makki on 2019-10-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Colleen Murphy

Bug Description

I setup a domain with domain-specific backends, and configured one with ldap driver.

When I tried to delete the domain, I got an error message:

Failed to delete domain with name or ID '1d97d0d6fdcd402fa058549d7f297b8b': LDAP does not support write operations.

After some investigation ( thanks @cmurphy ), it turned out that there was an exception raised during the group deletion, here: https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L509

Removing groups made the deletion possible.

Dealing with this deletion the same way a user is deleted ( by checking the backend type ) should fix it: https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L519-L522

Colleen Murphy (krinkle) on 2019-10-15
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium

Fix proposed to branch: master
Review: https://review.opendev.org/688939

Changed in keystone:
assignee: nobody → Sami Makki (smakki)
status: Triaged → In Progress
Changed in keystone:
assignee: Sami Makki (smakki) → Colleen Murphy (krinkle)
Changed in keystone:
assignee: Colleen Murphy (krinkle) → Sami Makki (smakki)
Changed in keystone:
assignee: Sami Makki (smakki) → Colleen Murphy (krinkle)

Reviewed: https://review.opendev.org/688939
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=d6977a0e9b3ed8ae80527d6f6ace67b687b46c60
Submitter: Zuul
Branch: master

commit d6977a0e9b3ed8ae80527d6f6ace67b687b46c60
Author: Sami MAKKI <email address hidden>
Date: Wed Oct 16 16:10:15 2019 +0200

    Remove group deletion for non-sql driver when removing domains.

    As LDAP is now read-only, trying to remove it was throwing an error.
    We now only try to delete it when the driver is sql-based.

    Change-Id: I15b92b35b31d0e5d735a629e7c154ddd7bdda03d
    Closes-bug: #1848238

Changed in keystone:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers