Public bug reported:
This was observed while trying with ldap and custom driver users (not
sure of the behavior for federated and sql users).
It's found that after ldap / custom driver user is configured with OpenStack
and a user authentication request is placed (token issue for eg.), there are
entries made into 3 tables:
- User
- local_user
- nonlocal_user
As seen below, the ldap user name is avni_u1
MariaDB [keystone]> select * from id_mapping where
public_id="b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510";
+------------------------------------------------------------------+-----------+----------+-------------+
| public_id | domain_id
| local_id | entity_type |
+------------------------------------------------------------------+-----------+----------+-------------+
| b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default
| avni_u1 | user |
+------------------------------------------------------------------+-----------+----------+-------------+
1 row in set (0.00 sec)
MariaDB [keystone]> select * from user;
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
| id | extra
| enabled | default_project_id |
created_at | last_active_at |
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
| b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
{"description": "user with admin role"} | NULL | NULL
| 2016-08-19 13:32:44 | NULL |
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
1 rows in set (0.00 sec)
MariaDB [keystone]> select * from local_user;
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
| id | user_id |
domain_id | name | failed_auth_count |
failed_auth_at |
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
| | 1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
default | avni_u1 | NULL | NULL
|
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
1 rows in set (0.00 sec)
MariaDB [keystone]> select * from nonlocal_user;
+----------------------------------+------------+------------------------------------------------------------------+
| domain_id | name | user_id
|
+----------------------------------+------------+------------------------------------------------------------------+
| | default | avni_u1 |
b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
|
+----------------------------------+------------+------------------------------------------------------------------+
This behavior is probably not new and is caused due to
https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L147
** Affects: keystone
Importance: Undecided
Assignee: Ron De Rose (ronald-de-rose)
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1615000
Title:
Entry to User table creates entries in local_user table for ldap and
custom driver users
Status in OpenStack Identity (keystone):
New
Bug description:
This was observed while trying with ldap and custom driver users (not
sure of the behavior for federated and sql users).
It's found that after ldap / custom driver user is configured with OpenStack
and a user authentication request is placed (token issue for eg.), there are
entries made into 3 tables:
- User
- local_user
- nonlocal_user
As seen below, the ldap user name is avni_u1
MariaDB [keystone]> select * from id_mapping where
public_id="b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510";
+------------------------------------------------------------------+-----------+----------+-------------+
| public_id |
domain_id | local_id | entity_type |
+------------------------------------------------------------------+-----------+----------+-------------+
| b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default
| avni_u1 | user |
+------------------------------------------------------------------+-----------+----------+-------------+
1 row in set (0.00 sec)
MariaDB [keystone]> select * from user;
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
| id | extra
| enabled | default_project_id |
created_at | last_active_at |
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
| b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
{"description": "user with admin role"} | NULL | NULL
| 2016-08-19 13:32:44 | NULL |
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
1 rows in set (0.00 sec)
MariaDB [keystone]> select * from local_user;
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
| id | user_id |
domain_id | name | failed_auth_count |
failed_auth_at |
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
| | 1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
default | avni_u1 | NULL | NULL
|
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
1 rows in set (0.00 sec)
MariaDB [keystone]> select * from nonlocal_user;
+----------------------------------+------------+------------------------------------------------------------------+
| domain_id | name | user_id
|
+----------------------------------+------------+------------------------------------------------------------------+
| | default | avni_u1 |
b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
|
+----------------------------------+------------+------------------------------------------------------------------+
This behavior is probably not new and is caused due to
https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L147
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1615000/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
