From 3353996454b34bf84bcaa6b7a88797f56b913873 Mon Sep 17 00:00:00 2001
From: Allan Feid
Date: Fri, 15 Mar 2013 15:58:26 -0400
Subject: [PATCH] Properly handle emulated ldap enablement
Prior to this patch, a member attribute will attempt to be added to the enabled project even if it already exists. This fails to pass since in LDAP you cannot have two of the same member attributes in an object.
Change-Id: Ic2373b01eb9921fbf5e9ad828628119288821dba
Fixes: bug #1155234
---
 keystone/common/ldap/core.py | 27 ++++++++++++++-------------
 tests/_ldap_livetest.py | 6 ------
 2 files changed, 14 insertions(+), 19 deletions(-)
diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py
index a8b4fdabe9..7e491131a4 100644
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@@ -496,19 +496,20 @@ class EnabledEmuMixIn(BaseLdap):
 return bool(enabled_value)
 def _add_enabled(self, object_id):
- conn = self.get_connection()
- modlist = [(ldap.MOD_ADD,
- 'member',
- [self._id_to_dn(object_id)])]
- try:
- conn.modify_s(self.enabled_emulation_dn, modlist)
- except ldap.NO_SUCH_OBJECT:
- attr_list = [('objectClass', ['groupOfNames']),
- ('member',
- [self._id_to_dn(object_id)])]
- if self.use_dumb_member:
- attr_list[1][1].append(self.dumb_member)
- conn.add_s(self.enabled_emulation_dn, attr_list)
+ if not self._get_enabled(object_id):
+ conn = self.get_connection()
+ modlist = [(ldap.MOD_ADD,
+ 'member',
+ [self._id_to_dn(object_id)])]
+ try:
+ conn.modify_s(self.enabled_emulation_dn, modlist)
+ except ldap.NO_SUCH_OBJECT:
+ attr_list = [('objectClass', ['groupOfNames']),
+ ('member',
+ [self._id_to_dn(object_id)])]
+ if self.use_dumb_member:
+ attr_list[1][1].append(self.dumb_member)
+ conn.add_s(self.enabled_emulation_dn, attr_list)
 def _remove_enabled(self, object_id):
 conn = self.get_connection()
diff --git a/tests/_ldap_livetest.py b/tests/_ldap_livetest.py
index 5f5f60cd91..d6a7a63d74 100644
--- a/tests/_ldap_livetest.py
+++ b/tests/_ldap_livetest.py
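Review bot: The `if not self._get_enabled(object_id):` guard in `_add_enabled` is a read-then-write check, so `conn.modify_s` can still fail on a duplicate `member` value if another writer enables the same object between the lookup and the modify, or if `_get_enabled` (its body lies outside this hunk) matches DNs differently from the directory server. Handling the error at the write makes the operation idempotent regardless of the read: add `except ldap.TYPE_OR_VALUE_EXISTS: pass  # already a member of the enabled group` next to the existing `except ldap.NO_SUCH_OBJECT:`. The `conn.add_s` fallback has the same window and would want `ldap.ALREADY_EXISTS` handled by retrying the modify. A short docstring on `_add_enabled` stating that enabling an already-enabled object is a no-op would also record the intended contract.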
@@ -92,9 +92,3 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
 def test_user_enable_attribute_mask(self):
 raise nose.exc.SkipTest('Test is for Active Directory Only')
-
- def test_configurable_allowed_project_actions(self):
- raise nose.exc.SkipTest('Blocked by bug 1155234')
-
- def test_project_crud(self):
- raise nose.exc.SkipTest('Blocked by bug 1155234')