Properly handle emulated ldap enablement

Prior to this patch, a member attribute will attempt to be added to the enabled project even if it already exists. This fails to pass since in LDAP you cannot have two of the same member attributes in an object. Change-Id: Ic2373b01eb9921fbf5e9ad828628119288821dba Fixes: bug #1155234
2013-03-15 15:58:26 -04:00 · 2013-03-15 15:58:26 -04:00 · 3353996454
commit 3353996454
parent 5cb8e1f2e5
2 changed files with 14 additions and 19 deletions
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@ -496,19 +496,20 @@ class EnabledEmuMixIn(BaseLdap):
            return bool(enabled_value)

    def _add_enabled(self, object_id):
-        conn = self.get_connection()
-        modlist = [(ldap.MOD_ADD,
-                    'member',
-                    [self._id_to_dn(object_id)])]
-        try:
-            conn.modify_s(self.enabled_emulation_dn, modlist)
-        except ldap.NO_SUCH_OBJECT:
-            attr_list = [('objectClass', ['groupOfNames']),
-                         ('member',
-                         [self._id_to_dn(object_id)])]
-            if self.use_dumb_member:
-                attr_list[1][1].append(self.dumb_member)
-            conn.add_s(self.enabled_emulation_dn, attr_list)
+        if not self._get_enabled(object_id):
+            conn = self.get_connection()
+            modlist = [(ldap.MOD_ADD,
+                        'member',
+                        [self._id_to_dn(object_id)])]
+            try:
+                conn.modify_s(self.enabled_emulation_dn, modlist)
+            except ldap.NO_SUCH_OBJECT:
+                attr_list = [('objectClass', ['groupOfNames']),
+                             ('member',
+                             [self._id_to_dn(object_id)])]
+                if self.use_dumb_member:
+                    attr_list[1][1].append(self.dumb_member)
+                conn.add_s(self.enabled_emulation_dn, attr_list)

    def _remove_enabled(self, object_id):
        conn = self.get_connection()
--- a/tests/_ldap_livetest.py
+++ b/tests/_ldap_livetest.py
@ -92,9 +92,3 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):

    def test_user_enable_attribute_mask(self):
        raise nose.exc.SkipTest('Test is for Active Directory Only')
-
-    def test_configurable_allowed_project_actions(self):
-        raise nose.exc.SkipTest('Blocked by bug 1155234')
-
-    def test_project_crud(self):
-        raise nose.exc.SkipTest('Blocked by bug 1155234')