Adding the charm because maybe there's a more unique field we can use than uid, given this behaviour with re-use of uids.
** Project changed: keystone => charm-keystone-ldap **

Also affects: keystone
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1722293

Title:
  Keystone not removing mapping between deleted LDAP user and Openstack

Status in OpenStack Keystone LDAP integration:
  New
Status in OpenStack Identity (keystone):
  New

Bug description:
  Keystone not removing mapping between deleted LDAP user and Openstack

  The client is using LDAP for authentication and has used uid as the key
  for user_id_attribute. The client created an LDAP user, say ABC, with
  UID=100; this user is associated with an OpenStack user ABC. The
  relationship is recorded in the id_mapping table within the keystone
  database.

  Now when the client deletes the LDAP user ABC, the entry is not deleted
  from the id_mapping table. Thus when the client creates a new LDAP user
  XYZ which gets the same UID=100, the incorrect record in id_mapping
  restricts the new user XYZ from authenticating and successfully logging
  on to OpenStack.

  Note: there is no record for XYZ within the id_mapping table.
  Details of domain config:

  # User supplied configuration flags
  user_filter = (memberof=cn=xxx,ou=Group,dc=xxx,dc=xxx)
  user_id_attribute = uidNumber
  user_name_attribute = uid
  user_objectclass = posixAccount
  user_tree_dn = ou=xxxxx,dc=xxx,dc=xx
  [identity]
  driver = ldap

  Table Description

  mysql> desc id_mapping;
  +-------------+----------------------+------+-----+---------+-------+
  | Field       | Type                 | Null | Key | Default | Extra |
  +-------------+----------------------+------+-----+---------+-------+
  | public_id   | varchar(64)          | NO   | PRI | NULL    |       |
  | domain_id   | varchar(64)          | NO   | MUL | NULL    |       |
  | local_id    | varchar(64)          | NO   |     | NULL    |       |
  | entity_type | enum('user','group') | NO   |     | NULL    |       |
  +-------------+----------------------+------+-----+---------+-------+

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-keystone-ldap/+bug/1722293/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
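The following is an added illustration of the stale id_mapping scenario in the report above; it is not Keystone code and not part of the bug. It models the id_mapping table (public_id, domain_id, local_id, entity_type) and an LDAP directory in memory, replays the ABC/XYZ uidNumber reuse, and audits the table against the directory. The public_id derivation is a deterministic sha256 stand-in for Keystone's generator, and the domain id, user names, uidNumbers and role assignment are all constructed for the example. Beyond the login failure the reporter observed, the model shows the second hazard of the same leftover row: because the mapping is keyed only on (domain_id, local_id, entity_type), a recycled uidNumber resolves to the old user's public_id, and in this model everything bound to that public_id (role assignments) is inherited by the new account. That is the reason the first comment looks for a more unique attribute than uid.

```python
"""Stale id_mapping rows and uid reuse: an added model, not Keystone code."""
from __future__ import annotations

import hashlib

ENTITY_USER = "user"


def public_id_for(domain_id: str, local_id: str, entity_type: str = ENTITY_USER) -> str:
    """Stand-in for a deterministic public_id generator (sha256 over the mapping
    tuple; an assumption for the example, not Keystone's own implementation)."""
    h = hashlib.sha256()
    for part in (domain_id, local_id, entity_type):
        h.update(part.encode("utf-8"))
    return h.hexdigest()


class IdMapping:
    """In-memory stand-in for the id_mapping table shown in the bug report."""

    def __init__(self) -> None:
        # public_id -> (domain_id, local_id, entity_type)
        self.rows: dict[str, tuple[str, str, str]] = {}

    def get_or_create(self, domain_id: str, local_id: str,
                      entity_type: str = ENTITY_USER) -> str:
        """Return the public_id for a local id, inserting a row on first sight."""
        pid = public_id_for(domain_id, local_id, entity_type)
        self.rows.setdefault(pid, (domain_id, local_id, entity_type))
        return pid

    def stale(self, domain_id: str, live_local_ids: set[str],
              entity_type: str = ENTITY_USER) -> dict[str, tuple[str, str, str]]:
        """Rows whose local_id no longer exists in the directory."""
        return {pid: row for pid, row in self.rows.items()
                if row[0] == domain_id and row[2] == entity_type
                and row[1] not in live_local_ids}

    def purge(self, public_ids) -> int:
        """Delete the given rows; returns the number removed."""
        before = len(self.rows)
        for pid in list(public_ids):
            self.rows.pop(pid, None)
        return before - len(self.rows)


def uid_reuse_scenario(domain_id: str = "ldap-domain") -> dict:
    """Replay the report: ABC gets uidNumber 100, is deleted, XYZ reuses 100.
    Directory, ids and the role assignment are constructed sample data."""
    mapping = IdMapping()
    ldap = {"100": "ABC"}          # uidNumber -> uid
    assignments = {}               # public_id -> roles bound to that public id

    abc_pid = mapping.get_or_create(domain_id, "100")
    assignments[abc_pid] = {"admin"}

    # The LDAP object is deleted, but nothing removes the id_mapping row.
    del ldap["100"]
    stale_after_delete = mapping.stale(domain_id, set(ldap))

    # A new account gets the recycled uidNumber; the lookup hits the old row.
    ldap["100"] = "XYZ"
    xyz_pid = mapping.get_or_create(domain_id, "100")

    return {
        "stale_after_delete": len(stale_after_delete),
        "same_public_id": abc_pid == xyz_pid,
        "inherited_roles": sorted(assignments.get(xyz_pid, set())),
        "rows_after_reuse": len(mapping.rows),
    }


def audit(mapping: IdMapping, domain_id: str, ldap: dict[str, str]) -> dict:
    """Operator check: find rows whose local_id is gone from LDAP and purge them.
    Only useful between the delete and the reuse; once the uidNumber is taken
    again the stale row is indistinguishable from a valid one."""
    stale = mapping.stale(domain_id, set(ldap))
    purged = mapping.purge(stale)
    return {"stale_local_ids": sorted(r[1] for r in stale.values()), "purged": purged}


if __name__ == "__main__":
    print(uid_reuse_scenario())
```

The audit only works in the window between the LDAP delete and the uidNumber being handed out again, so the cleanup has to be part of the deprovisioning procedure rather than a periodic job. On a real deployment the equivalent of `purge` is `keystone-manage mapping_purge` (it takes `--domain-name`, `--local-id`, `--public-id` and `--type` to select rows), run for the deleted local id before the directory recycles it.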