Bug 1072988

Summary: [RFE] keystone config migration to ldap requires manual changes into sql database
Product: Red Hat OpenStack Reporter: Giulio Fidente <gfidente>
Component: openstack-keystoneAssignee: RHOS Maint <rhos-maint>
Status: CLOSED WONTFIX QA Contact: Ami Jeain <ajeain>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.0CC: ayoung, nkinder, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: 5.0 (RHEL 7)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-27 14:46:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Giulio Fidente 2014-03-05 15:04:54 UTC 
Description of problem:
if user attempts to change the keystone config to use an ldap backend for Identity and an sql backend for Assignments, it is forced to update manually the database relations created for all the pre-existing users in "user_project_metadata.user_id" as users there are referenced by UUID


Version-Release number of selected component (if applicable):
openstack-keystone-2013.2.2-1.el6ost.noarch


Expected:
A migration script could probably update the references by matching old UUIDs to LDAP users and update the user_id field accordingly
Comment 2 Nathan Kinder 2014-03-27 14:46:28 UTC 
We don't see this sort of migration as a common use case. It is possible to write a script to perform the migration, but it's likely something that could best be done on a one-off basis or when the need arises.