authorBrant Knudson <bknudson@us.ibm.com>2013-04-29 19:19:27 -0500
committerBrant Knudson <bknudson@us.ibm.com>2013-05-03 14:32:05 -0500
commit4eb8233d9c6b73cedf25ea66edaccbcd092e13aa (patch)
tree7f0a5f1decb2559666091acac39034e5390615c8 /keystone
parent22d96b270b6794f15471761073a4d5e1065f35b0 (diff)
downloadkeystone-4eb8233d9c6b73cedf25ea66edaccbcd092e13aa.tar.gz
keystone-4eb8233d9c6b73cedf25ea66edaccbcd092e13aa.tar.xz
keystone-4eb8233d9c6b73cedf25ea66edaccbcd092e13aa.zip
LDAP list groups with missing member entry
Using the LDAP identity backend, if a group member entry doesn't exist in the LDAP server anymore and the group's members are listed using GET /v3/groups/{groupId}/users, Keystone returns 404 Not Found. The server should return all the group members that do exist and ignore the missing members, and probably log a warning message about the missing user. Fixes bug 1174585 Change-Id: Idf7c8c7f87affc4a72c5fe5e18e09a0f362e2646
Diffstat (limited to 'keystone')
-rw-r--r--keystone/identity/backends/ldap/core.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
index faaed168..58ab3bd0 100644
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@@ -21,6 +21,7 @@ import ldap
from keystone import clean
from keystone.common import ldap as common_ldap
from keystone.common.ldap import fakeldap
+from keystone.common import logging
from keystone.common import models
from keystone.common import utils
from keystone import config
@@ -29,6 +30,8 @@ from keystone import identity
CONF = config.CONF
+LOG = logging.getLogger(__name__)
+
class Identity(identity.Driver):
def __init__(self):
@@ -922,8 +925,14 @@ class GroupApi(common_ldap.BaseLdap, ApiShimMixin):
for user_dn in user_dns:
if self.use_dumb_member and user_dn == self.dumb_member:
continue
- user_id = self.user_api._dn_to_id(user_dn)
- users.append(self.user_api.get(user_id))
+ try:
+ user_id = self.user_api._dn_to_id(user_dn)
+ users.append(self.user_api.get(user_id))
+ except exception.UserNotFound:
+ LOG.debug(_("Group member '%(user_dn)s' not found in"
+ " '%(group_dn)s'. The user should be removed"
+ " from the group. The user will be ignored.") %
+ dict(user_dn=user_dn, group_dn=group_dn))
return users
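Review bot: The new `except exception.UserNotFound` branch logs the dangling member with `LOG.debug`, so a deployment running at the default log level never sees it, even though the commit message itself suggests a warning. A member DN with no matching user entry is stale authorization data: if an entry is later created under the same DN it would presumably regain this group's membership, so operators need the signal to clean it up. I would keep the message and change only the call, `LOG.warning(_("Group member '%(user_dn)s' not found in" ...`. The enclosing method starts outside the hunk, so the definition of `group_dn` and the import of `exception` cannot be confirmed from the visible lines.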