LDAP list group users not fail if user entry deleted
Using the LDAP identity backend, if a group member entry doesn't exist in the LDAP server anymore and the group's members are listed using GET /v3/groups/{groupId}/users, Keystone returns 404 Not Found. The server should return all the group members that do exist and ignore the missing members. Fixes bug 1174585 Change-Id: I97b53e3d5a5810aa0818b785e23a1948499b29e8
parent
31863d1b41
commit
600c38bae5
@ -370,7 +370,13 @@ class Identity(identity.Driver):
|
||||
users = []
|
||||
for user_dn in self.group.list_group_users(group_id):
|
||||
user_id = self.user._dn_to_id(user_dn)
|
||||
users.append(self.user.get(user_id))
|
||||
try:
|
||||
users.append(self.user.get(user_id))
|
||||
except exception.UserNotFound:
|
||||
LOG.debug(_("Group member '%(user_dn)s' not found in"
|
||||
" '%(group_id)s'. The user should be removed"
|
||||
" from the group. The user will be ignored.") %
|
||||
dict(user_dn=user_dn, group_id=group_id))
|
||||
return self._set_default_domain(users)
|
||||
|
||||
def check_user_in_group(self, user_id, group_id):
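Review bot: The new `except exception.UserNotFound:` branch reports the dangling member only through `LOG.debug`, so a deployment running at a normal log level gets no signal that the group still references a deleted entry. Because membership is held by DN (the loop iterates `user_dn` values), an entry later created under the same DN would presumably become a member of this group again and pick up whatever is granted through it, so this is worth surfacing to operators. I would log it as `LOG.warning(...)` with the same message and add a short comment above the `try` saying that stale member DNs are skipped on purpose and should be cleaned up in the directory. The message is also `%`-formatted before the call; passing the dict as the logging argument would defer that work until the record is actually emitted. The enclosing method starts above the hunk, so its signature and any earlier handling are not visible here.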
|
||||
@ -869,11 +875,5 @@ class GroupApi(common_ldap.BaseLdap):
|
||||
for user_dn in user_dns:
|
||||
if self.use_dumb_member and user_dn == self.dumb_member:
|
||||
continue
|
||||
try:
|
||||
users.append(user_dn)
|
||||
except exception.UserNotFound:
|
||||
LOG.debug(_("Group member '%(user_dn)s' not found in"
|
||||
" '%(group_dn)s'. The user should be removed"
|
||||
" from the group. The user will be ignored.") %
|
||||
dict(user_dn=user_dn, group_dn=group_dn))
|
||||
users.append(user_dn)
|
||||
return users
|
||||
|
@ -577,8 +577,10 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
|
||||
|
||||
self.identity_api.add_user_to_group(user_2_id, group_id)
|
||||
|
||||
# Delete user 2.
|
||||
self.identity_api.delete_user(user_2_id)
|
||||
# Delete user 2
|
||||
# NOTE(blk-u): need to go directly to user interface to keep from
|
||||
# updating the group.
|
||||
self.identity_api.user.delete(user_2_id)
|
||||
|
||||
# List group users and verify only user 1.
|
||||
res = self.identity_api.list_users_in_group(group_id)
|
||||
|