From 4eb8233d9c6b73cedf25ea66edaccbcd092e13aa Mon Sep 17 00:00:00 2001
From: Brant Knudson
Date: Mon, 29 Apr 2013 19:19:27 -0500
Subject: LDAP list groups with missing member entry Using the LDAP identity backend, if a group member entry doesn't exist in the LDAP server anymore and the group's members are listed using GET /v3/groups/{groupId}/users, Keystone returns 404 Not Found. The server should return all the group members that do exist and ignore the missing members, and probably log a warning message about the missing user. Fixes bug 1174585 Change-Id: Idf7c8c7f87affc4a72c5fe5e18e09a0f362e2646
---
 keystone/identity/backends/ldap/core.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
(limited to 'keystone')
diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
index faaed168..58ab3bd0 100644
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@@ -21,6 +21,7 @@ import ldap
 from keystone import clean
 from keystone.common import ldap as common_ldap
 from keystone.common.ldap import fakeldap
+from keystone.common import logging
 from keystone.common import models
 from keystone.common import utils
 from keystone import config
@@ -29,6 +30,8 @@ from keystone import identity
 CONF = config.CONF
+LOG = logging.getLogger(__name__)
+
 class Identity(identity.Driver):
 def __init__(self):
@@ -922,8 +925,14 @@ class GroupApi(common_ldap.BaseLdap, ApiShimMixin):
 for user_dn in user_dns:
 if self.use_dumb_member and user_dn == self.dumb_member:
 continue
- user_id = self.user_api._dn_to_id(user_dn)
- users.append(self.user_api.get(user_id))
+ try:
+ user_id = self.user_api._dn_to_id(user_dn)
+ users.append(self.user_api.get(user_id))
+ except exception.UserNotFound:
+ LOG.debug(_("Group member '%(user_dn)s' not found in"
+ " '%(group_dn)s'. The user should be removed"
+ " from the group. The user will be ignored.") %
+ dict(user_dn=user_dn, group_dn=group_dn))
 return users
--
cgit
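Review bot: The message in the new `except exception.UserNotFound:` branch is emitted with `LOG.debug`, so at default log levels an operator never learns that a group still lists a member DN with no user entry, even though the commit message itself suggests a warning. A dangling member DN is worth surfacing, because an entry later created under the same DN would presumably regain this group's membership; I would raise the level by opening the call with `LOG.warning(_("Group member '%(user_dn)s' not found in"` and leaving the rest unchanged. The `try` also wraps `self.user_api._dn_to_id(user_dn)`, which from the visible lines does not look like the call meant to raise `UserNotFound`; narrowing the `try` to the `self.user_api.get(user_id)` line would keep an unrelated failure from being reported as a stale member. The enclosing method starts above the hunk, so where `group_dn` is bound cannot be checked from here.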