--
Cheers
Olivier
--
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
"ssh gerrit gerrit create-account ..." creates a service user that is not able to login in the WebUI (it doesn't have an external ID for web login).
I think what's happening is that on WebUI login it tries to create another user (because it doesn't see the user that you created before due to the missing external ID) and the username of this new user collides with the username of the user that you have created before.Kinda WAI. With using LDAP only users that exist in LDAP are able to login in the WebUI.
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
On 2017-12-27 08:18, luca.mi...@gmail.com wrote:
"ssh gerrit gerrit create-account ..." creates a service user that is not able to login in the WebUI (it doesn't have an external ID for web login).
I see, thanks for the answer. Too bad that Gerrit doesn't support this use case.I think what's happening is that on WebUI login it tries to create another user (because it doesn't see the user that you created before due to the missing external ID) and the username of this new user collides with the username of the user that you have created before.Kinda WAI. With using LDAP only users that exist in LDAP are able to login in the WebUI.
What would you expect to see?It is good that a service user which is intended for batch and automation cannot be shared with a regular LDAP account user identity.
Hello Luca,
I don't want to share identities between local and LDAP accounts. I would like a pure local account that I can use to log in the web interface independently of LDAP.
It's not a very important use case, but I don't understand the limitation from a user perspective.
On 27 Dec 2017, at 15:10, Olivier Croquette <ocroq...@free.fr> wrote:
On 2017-12-27 13:02, luca.mi...@gmail.com wrote:That is forbidden on purpose: typically companies rely on a central LDAP Auth to define a unique way to create, manage and admin accounts.
If anyone leaves the company, you remove it on the central LDAP and all the systems are automatically locked up for him.
If you allow a non-LDAP user to be a full interactive user, then it would violate the company policies
Like mentioned earlier, the use case is a local admin account ("gerrit-admin") as a fallback. Many applications allow this, for instance Linux itself, Teamcity, JIRA... To decide whether this is good practice or not should be up to the given admins.
Another use case I can think of is to use Gerrit standalone without an external authentication authority. There is currently no good solution for simple setups, for instance for evaluation or tests. That would be a step in the right direction.
On 2017-12-27 08:18, luca.mi...@gmail.com wrote:
"ssh gerrit gerrit create-account ..." creates a service user that is not able to login in the WebUI (it doesn't have an external ID for web login).
I see, thanks for the answer. Too bad that Gerrit doesn't support this use case.I think what's happening is that on WebUI login it tries to create another user (because it doesn't see the user that you created before due to the missing external ID) and the username of this new user collides with the username of the user that you have created before.Kinda WAI. With using LDAP only users that exist in LDAP are able to login in the WebUI.
What would you expect to see?It is good that a service user which is intended for batch and automation cannot be shared with a regular LDAP account user identity.