Public bug reported: This was observed while trying with ldap and custom driver users (not sure of the behavior for federated and sql users).
It's found that after ldap / custom driver user is configured with OpenStack and a user authentication request is placed (token issue for eg.), there are entries made into 3 tables: - User - local_user - nonlocal_user As seen below, the ldap user name is avni_u1 MariaDB [keystone]> select * from id_mapping where public_id="b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510"; +------------------------------------------------------------------+-----------+----------+-------------+ | public_id | domain_id | local_id | entity_type | +------------------------------------------------------------------+-----------+----------+-------------+ | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default | avni_u1 | user | +------------------------------------------------------------------+-----------+----------+-------------+ 1 row in set (0.00 sec) MariaDB [keystone]> select * from user; +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+ | id | extra | enabled | default_project_id | created_at | last_active_at | +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+ | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | {"description": "user with admin role"} | NULL | NULL | 2016-08-19 13:32:44 | NULL | +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+ 1 rows in set (0.00 sec) MariaDB [keystone]> select * from local_user; +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+ | id | user_id | domain_id | name | failed_auth_count | failed_auth_at | +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+ | | 1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default | avni_u1 | NULL | NULL | +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+ 1 rows in set (0.00 sec) MariaDB [keystone]> select * from nonlocal_user; +----------------------------------+------------+------------------------------------------------------------------+ | domain_id | name | user_id | +----------------------------------+------------+------------------------------------------------------------------+ | | default | avni_u1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | | +----------------------------------+------------+------------------------------------------------------------------+ This behavior is probably not new and is caused due to https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L147 ** Affects: keystone Importance: Undecided Assignee: Ron De Rose (ronald-de-rose) Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1615000 Title: Entry to User table creates entries in local_user table for ldap and custom driver users Status in OpenStack Identity (keystone): New Bug description: This was observed while trying with ldap and custom driver users (not sure of the behavior for federated and sql users). It's found that after ldap / custom driver user is configured with OpenStack and a user authentication request is placed (token issue for eg.), there are entries made into 3 tables: - User - local_user - nonlocal_user As seen below, the ldap user name is avni_u1 MariaDB [keystone]> select * from id_mapping where public_id="b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510"; +------------------------------------------------------------------+-----------+----------+-------------+ | public_id | domain_id | local_id | entity_type | +------------------------------------------------------------------+-----------+----------+-------------+ | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default | avni_u1 | user | +------------------------------------------------------------------+-----------+----------+-------------+ 1 row in set (0.00 sec) MariaDB [keystone]> select * from user; +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+ | id | extra | enabled | default_project_id | created_at | last_active_at | +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+ | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | {"description": "user with admin role"} | NULL | NULL | 2016-08-19 13:32:44 | NULL | +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+ 1 rows in set (0.00 sec) MariaDB [keystone]> select * from local_user; +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+ | id | user_id | domain_id | name | failed_auth_count | failed_auth_at | +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+ | | 1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default | avni_u1 | NULL | NULL | +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+ 1 rows in set (0.00 sec) MariaDB [keystone]> select * from nonlocal_user; +----------------------------------+------------+------------------------------------------------------------------+ | domain_id | name | user_id | +----------------------------------+------------+------------------------------------------------------------------+ | | default | avni_u1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | | +----------------------------------+------------+------------------------------------------------------------------+ This behavior is probably not new and is caused due to https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L147 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1615000/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp