Reviewed:  https://review.opendev.org/688939
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=d6977a0e9b3ed8ae80527d6f6ace67b687b46c60
Submitter: Zuul
Branch:    master

commit d6977a0e9b3ed8ae80527d6f6ace67b687b46c60
Author: Sami MAKKI <[email protected]>
Date:   Wed Oct 16 16:10:15 2019 +0200

    Remove group deletion for non-sql driver when removing domains.

    As LDAP is now read-only, trying to remove it was throwing an error.
    We now only try to delete it when the driver is sql-based.

    Change-Id: I15b92b35b31d0e5d735a629e7c154ddd7bdda03d
    Closes-bug: #1848238

** Changed in: keystone
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1848238

Title:
  cannot delete a ldap domain with groups

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  I set up a domain with domain-specific backends, and configured one
  with ldap driver.

  When I tried to delete the domain, I got an error message:

  Failed to delete domain with name or ID
  '1d97d0d6fdcd402fa058549d7f297b8b': LDAP does not support write
  operations.

  After some investigation (thanks @cmurphy), it turned out that there
  was an exception raised during the group deletion, here:

  https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L509

  Removing groups made the deletion possible.

  Dealing with this deletion the same way a user is deleted (by
  checking the backend type) should fix it:

  https://opendev.org/openstack/keystone/src/branch/stable/stein/keystone/identity/core.py#L519-L522

