Comment 1 for bug 1848342

Thanks for the detailed bug report, I've managed to reproduce the issue.

The problem is not that the entries are duplicated in list output, that is just a symptom. The problem is that an ephemeral federated user is ending up being created in the local_user table, which should never happen. In this case, it's because your mapping has the "email" property in the user, and it's hitting this case:

https://opendev.org/openstack/keystone/src/commit/f9a086e16599123fba8a12c1c06bec73565a0ebc/keystone/identity/core.py#L1419-L1422

It's running the update_user method on the identity sql driver. Even though the local user doesn't exist, since it's running against the user table, it successfully finds the shadow user:

https://opendev.org/openstack/keystone/src/commit/f9a086e16599123fba8a12c1c06bec73565a0ebc/keystone/identity/backends/sql.py#L206

but then for some reason recreates the record in the local_user table:

https://opendev.org/openstack/keystone/src/commit/f9a086e16599123fba8a12c1c06bec73565a0ebc/keystone/identity/backends/sql.py#L210

So we'll need to fix that, rather than filter the output.

(For anyone else trying to reproduce this, it helps to disable keystone caching, otherwise the issue only appears intermittently.)