| author | Jenkins <jenkins@review.openstack.org> | 2012-10-09 18:51:39 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-10-09 18:51:39 +0000 |
| commit | b0eb94dbc0aff690fcbde6d49c3ad5c6578eb7b5 (patch) | |
| tree | 2443d6dc8b723f90dec4e7251f5c01cca9f5e943 /keystone/common | |
| parent | 8236d3b4f6945f6057252e6bc195bec103e9b12d (diff) | |
| parent | ee48c24184462724aa85b603296adb9f3f68934e (diff) | |
Merge "Unable to delete tenant if contains roles in LDAP backend (bug 1057407)"
Diffstat (limited to 'keystone/common')
| -rw-r--r-- | keystone/common/ldap/core.py | 15 | ||||
| -rw-r--r-- | keystone/common/ldap/fakeldap.py | 14 |
2 files changed, 29 insertions, 0 deletions
diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py
index a8b8e970..027bc1be 100644
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@@ -25,6 +25,7 @@ LOG = logging.getLogger(__name__)
 LDAP_VALUES = {'TRUE': True, 'FALSE': False}
+CONTROL_TREEDELETE = '1.2.840.113556.1.4.805'
 def py2ldap(val):
@@ -103,6 +104,8 @@ class BaseLdap(object):
 self.structural_classes = self.DEFAULT_STRUCTURAL_CLASSES
 self.use_dumb_member = getattr(conf.ldap, 'use_dumb_member') or True
+ self.subtree_delete_enabled = getattr(conf.ldap,
+ 'allow_subtree_delete')
 def get_connection(self, user=None, password=None):
 if self.LDAP_URL.startswith('fake://'):
@@ -309,6 +312,14 @@ class BaseLdap(object):
 conn = self.get_connection()
 conn.delete_s(self._id_to_dn(id))
+ def deleteTree(self, id):
+ conn = self.get_connection()
+ tree_delete_control = ldap.controls.LDAPControl(CONTROL_TREEDELETE,
+ 0,
+ None)
+ conn.delete_ext_s(self._id_to_dn(id),
+ serverctrls=[tree_delete_control])
+
 class LdapWrapper(object):
 def __init__(self, url):
@@ -362,3 +373,7 @@ class LdapWrapper(object):
 def delete_s(self, dn):
 LOG.debug("LDAP delete: dn=%s", dn)
 return self.conn.delete_s(dn)
+
+ def delete_ext_s(self, dn, serverctrls):
+ LOG.debug("LDAP delete_ext: dn=%s, serverctrls=%s", dn, serverctrls)
+ return self.conn.delete_ext_s(dn, serverctrls)
diff --git a/keystone/common/ldap/fakeldap.py b/keystone/common/ldap/fakeldap.py
index 77d2bfe4..bfbefd78 100644
--- a/keystone/common/ldap/fakeldap.py
+++ b/keystone/common/ldap/fakeldap.py
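Review bot: In keystone/common/ldap/core.py, `subtree_delete_enabled` is read in `BaseLdap.__init__` (hunk @@ -103) but nothing in the lines shown consults it; `deleteTree` (hunk @@ -309) sends the tree-delete control unconditionally, so the `allow_subtree_delete` switch only protects the directory if every caller remembers to test it. Those callers are outside this page, which is limited to keystone/common. Because a subtree delete removes an entry and everything beneath it, I would enforce the switch at the point of use by opening `deleteTree` with `if not self.subtree_delete_enabled:` and refusing the call, or at minimum state the contract in a docstring such as `"""Delete the entry for id and all of its descendants; callers must check subtree_delete_enabled first."""`. The `getattr(conf.ldap, 'allow_subtree_delete')` call also has no default, so it presumably relies on the option being registered elsewhere.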
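Review bot: `deleteTree` in keystone/common/ldap/core.py (hunk @@ -309) builds the control with criticality `0`, so a directory server that does not implement OID 1.2.840.113556.1.4.805 may ignore it and process a plain delete, which then fails on a non-leaf entry with an error that says nothing about the unsupported control. Marking it critical, `ldap.controls.LDAPControl(CONTROL_TREEDELETE, True, None)`, makes such a server reject the request explicitly. Separately, the method name is camelCase while its siblings in this diff (`get_connection`, `delete_s`, `delete_ext_s`) are snake_case, and it has no docstring.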
@@ -212,6 +212,20 @@ class FakeLdap(object):
 raise ldap.NO_SUCH_OBJECT
 self.db.sync()
+ def delete_ext_s(self, dn, serverctrls):
+ """Remove the ldap object at specified dn."""
+ if server_fail:
+ raise ldap.SERVER_DOWN
+
+ key = '%s%s' % (self.__prefix, dn)
+ LOG.debug('FakeLdap delete item: dn=%s', dn)
+ try:
+ del self.db[key]
+ except KeyError:
+ LOG.error('FakeLdap delete item failed: dn=%s not found.', dn)
+ raise ldap.NO_SUCH_OBJECT
+ self.db.sync()
+
 def modify_s(self, dn, attrs):
 """Modify the object at dn using the attribute list. |
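Review bot: `FakeLdap.delete_ext_s` never looks at `serverctrls` and removes only the single key for `dn`, so with the fake backend a tree delete leaves every descendant entry in `self.db`, and tests pass whether or not the tree-delete control was sent. The body also appears to repeat the delete method whose tail is visible as context just above it; that method starts outside the hunk. I would either have the fake remove the keys beneath `dn` as well, or state the limitation in the docstring, e.g. `"""Remove the ldap object at specified dn; serverctrls is ignored and descendants are not removed."""`.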
