1ab693ced8
If a group gets deleted out-of-band in an LDAP environment, the role assignments cannot be cleaned as it checks the existence of the group before triggering the deletion. This fix adds the ability to ignore non-existant group and clean up stale role assignments. We take the same approach with user assignments. Co-Authored-By: Lance Bragstad <lbragstad@gmail.com> Change-Id: I975c8325f50b412c3aa256e1940a27082c009cce Closes-Bug: #1751045
8 lines
324 B
YAML
8 lines
324 B
YAML
---
|
|
fixes:
|
|
- |
|
|
[`bug 1751045 <https://bugs.launchpad.net/keystone/+bug/1751045>`_]
|
|
It is now possible to clean up role assignments for groups that don't exist
|
|
in the identity backend. This is relevant to deployments that are backed by
|
|
LDAP and groups are removed directly by LDAP and not through keystone.
|