cannot delete a ldap domain with groups

Bug #1848238 reported by Sami Makki on 2019-10-15
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Assigned to: Colleen Murphy

Bug Description

I set up a domain with domain-specific backends, and configured one with the LDAP driver.

When I tried to delete the domain, I got an error message:

Failed to delete domain with name or ID '1d97d0d6fdcd402fa058549d7f297b8b': LDAP does not support write operations.

After some investigation (thanks @cmurphy), it turned out that there was an exception raised during the group deletion, here:

Removing groups made the deletion possible.

Dealing with this deletion the same way a user is deleted (by checking the backend type) should fix it:

Colleen Murphy (krinkle) on 2019-10-15
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium

Fix proposed to branch: master

Changed in keystone:
assignee: nobody → Sami Makki (smakki)
status: Triaged → In Progress
Changed in keystone:
assignee: Sami Makki (smakki) → Colleen Murphy (krinkle)
Changed in keystone:
assignee: Colleen Murphy (krinkle) → Sami Makki (smakki)
Changed in keystone:
assignee: Sami Makki (smakki) → Colleen Murphy (krinkle)

Submitter: Zuul
Branch: master

commit d6977a0e9b3ed8ae80527d6f6ace67b687b46c60
Author: Sami MAKKI <email address hidden>
Date: Wed Oct 16 16:10:15 2019 +0200

    Remove group deletion for non-sql driver when removing domains.

    As LDAP is now read-only, trying to remove it was throwing an error.
    We now only try to delete it when the driver is sql-based.

    Change-Id: I15b92b35b31d0e5d735a629e7c154ddd7bdda03d
    Closes-bug: #1848238

Changed in keystone:
status: In Progress → Fix Released
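
An added sketch (not keystone's code, and not from the bug report) of the failure and the fix described in the commit message: the domain delete aborts when group cleanup hits the read-only LDAP driver, and succeeds once cleanup is gated on the backend type. All class, function and attribute names, and the sample data, are assumptions made for the illustration.

```python
class ReadOnlyBackendError(Exception):
    """A write was attempted against a read-only identity backend."""


class Driver:
    is_sql = False  # hypothetical flag naming the backend type

    def __init__(self, groups):
        self.groups = set(groups)


class LdapDriver(Driver):
    def delete_group(self, group_id):
        raise ReadOnlyBackendError("LDAP does not support write operations.")


class SqlDriver(Driver):
    is_sql = True

    def delete_group(self, group_id):
        self.groups.discard(group_id)


def delete_domain_before(domains, drivers, domain_id):
    """Reported behaviour: group cleanup runs whatever the backend is."""
    for group_id in sorted(drivers[domain_id].groups):
        drivers[domain_id].delete_group(group_id)  # raises for LDAP
    domains.discard(domain_id)  # never reached when a group delete fails


def delete_domain_after(domains, drivers, domain_id):
    """Fixed behaviour: delete groups only when the driver is SQL-based."""
    driver = drivers[domain_id]
    if driver.is_sql:
        for group_id in sorted(driver.groups):
            driver.delete_group(group_id)
    domains.discard(domain_id)  # LDAP groups stay untouched in the directory


def demo():
    ldap, sql = LdapDriver(["admins"]), SqlDriver(["devs"])
    drivers = {"corp-ldap": ldap, "local": sql}
    domains = set(drivers)  # constructed sample data: one domain per backend
    error = None
    try:
        delete_domain_before(domains, drivers, "corp-ldap")
    except ReadOnlyBackendError as exc:
        error = str(exc)
    for domain_id in ("corp-ldap", "local"):
        delete_domain_after(domains, drivers, domain_id)
    return error, sorted(domains), sorted(ldap.groups), sorted(sql.groups)
```

In this model the LDAP-backed domain is removed while its group stays in the directory, and the SQL-backed domain loses its groups along with the domain.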