Cannot assign user name; name does not conform

[Vitali]

Hi all,

My current set up is as follows:

I set up Gerrit 2.1 w/ authentication against LDAP. I had signed in
with my LDAP account and everything worked great.
I then upgraded to Gerrit 2.1.2 and had people log in.

They can log in, however, the SSH user name is blank which means they
can't actually push anything in git (and since it's LDAP
authenticated, the username field is disabled).

I was looking at the logs when someone logged in for the first time:

ERROR com.google.gerrit.server.account.AccountManager : Cannot assign
user name "foo bar" to account XXXXXXX; name does not conform.

(anonymized the user name).

So my question is how can I fix this (our LDAP names are "<firstname>
<lastname>"). Is there some ldap expression I can put for
ldap.accountSshUserName?

Also, on a related note, can someone tell me how I can delete a user
from gerrit? I want to remove mine so that I can test if it's working
but more importantly, once it is, I need to fix existing accounts.
There is no caching configured for ldap (according to the docs this is
the equivalent of disabled).

Thanks,
Vitali

[Shawn Pearce]

On Wed, Mar 3, 2010 at 18:33, Vitali <vlo...@gmail.com> wrote:
> I was looking at the logs when someone logged in for the first time:
>
> ERROR com.google.gerrit.server.account.AccountManager : Cannot assign
> user name "foo bar" to account XXXXXXX; name does not conform.

User names cannot contain spaces. Currently they are restricted to be
strings that match the following regular expression:

^[a-zA-Z][a-zA-Z0-9._-]*[a-zA-Z0-9]$

Whatever your LDAP server is returning, its supplying something that
Gerrit is rejecting.

> So my question is how can I fix this (our LDAP names are "<firstname>
> <lastname>").  Is there some ldap expression I can put for
> ldap.accountSshUserName?

Yes. See http://gerrit.googlecode.com/svn/documentation/2.1/config-gerrit.html#ldap.accountSshUserName

> Also, on a related note, can someone tell me how I can delete a user
> from gerrit?

Its horribly painful. You have to delete the matching record from
accounts table, and from account_external_ids. But then any comments
or changes you had will be orphaned and will start showing up with
weird generic user information. I can't say I would encourage
deleting an account by editing the database.

What you can do is remove your username record and then try logging
in, it should resync the name from LDAP. Find your Account ID on your
Settings page in the web UI, and then do:

DELETE FROM account_external_ids WHERE external_id LIKE 'username:%'
AND account_id = 10005;

[Vitali Lovich]

Sorry - I've never used LDAP.  What would be the expression to convert <Firstname> <Lastname> into <first name>.<last name>.  Thanks

--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

[Shawn Pearce]

On Wed, Mar 3, 2010 at 19:36, Vitali Lovich <vlo...@gmail.com> wrote:
> Sorry - I've never used LDAP.  What would be the expression to convert
> <Firstname> <Lastname> into <first name>.<last name>.  Thanks

You can try ${givenName}.${sn}

[Priyank Thakkar]

Hi,

I tried this solution. In my gerrit.config file i kept 

[ldap]

    ......

    some config

    ......

    accountPattern = ${givenName}.${sn}

after that i restarted tomcat... it says authentication unavailable.