duplicate accounts

278 views
Skip to first unread message

Mark

unread,
May 5, 2010, 2:59:59 PM5/5/10
to repo-d...@googlegroups.com
Somehow a user on my server has managed to register two accounts (months apart) with the same full name and preferred email.  Gerrit will not let me add him to any reviews or groups - it says he is not a registered user.  Autocompletion shows both accounts but once I hit submit I get the error lightbox.

  1. How did this happen?
    • second login using putting his userid in upper case or vice versa?
    • Shouldn't there be a unique constraint on accounts:preferred_email?
  2. How can I fix?
    • Hopefully one account is not attached to anything and I can just remove it.
  3. How can I prevent?

Also, I use LDAP auth.

--
Mark

--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

Shawn Pearce

unread,
May 5, 2010, 3:07:30 PM5/5/10
to Mark, repo-d...@googlegroups.com
Mark <gri...@mitsein.net> wrote:
> Somehow a user on my server has managed to register two accounts (months
> apart) with the same full name and preferred email. Gerrit will not let me
> add him to any reviews or groups - it says he is not a registered user.
> Autocompletion shows both accounts but once I hit submit I get the error
> lightbox.
>
>
> 1. How did this happen?
> - second login using putting his userid in upper case or vice versa?

Yea, that can cause it with LDAP auth.

> - Shouldn't there be a unique constraint on accounts:preferred_email?

Hmm. Probably. But its too late that point. You can only pick
values from preferred_email which are listed in the email_address
field of account_external_ids. If there is a duplicate there,
we already have this duplicate account scenario.

So the better question is, why isn't there a unique constraint on
the email_address field of account_external_ids? And the answer
is because users can have multiple OpenID accounts from different
authentication systems, but each using the same underlying email.

For LDAP auth environments, this makes no sense though.

> 2. How can I fix?

Use the merge script on the wiki:

http://groups.google.com/group/repo-discuss/web/merging-gerrit-user-accounts

> - Hopefully one account is not attached to anything and I can just
> remove it.

That merge script will replace the from_id with to_id throughout
the database, so if he was attached to anything, it'll carry over
to the account you keep.

> 3. How can I prevent?

I think a few folks have tried installing a trigger in their database
to ensure lowercase on external_id column of account_external_ids
table. I don't know how successful that has been.

Mark

unread,
May 5, 2010, 3:09:30 PM5/5/10
to repo-d...@googlegroups.com
I used to do that, but I pulled it out.  I'd rather have an option that I could enable in the config to crush the case of supplied login ids before they are put through authentication.

Luciano Carvalho

unread,
May 5, 2010, 3:12:03 PM5/5/10
to Shawn Pearce, Mark, repo-d...@googlegroups.com

I do have this one. It works well for 1700 users (and counting). I've never had a duplicate.
 

Mark

unread,
May 5, 2010, 3:26:48 PM5/5/10
to Repo and Gerrit Discussion
On Wed, May 5, 2010 at 2:07 PM, Shawn Pearce <s...@google.com> wrote:

>       2. How can I fix?

Use the merge script on the wiki:

 http://groups.google.com/group/repo-discuss/web/merging-gerrit-user-accounts

>       - Hopefully one account is not attached to anything and I can just
>       remove it.

That merge script will replace the from_id with to_id throughout
the database, so if he was attached to anything, it'll carry over
to the account you keep.

The merge script needs some updating...

Shawn Pearce

unread,
May 5, 2010, 3:31:08 PM5/5/10
to Mark, Repo and Gerrit Discussion
Mark <gri...@mitsein.net> wrote:
> On Wed, May 5, 2010 at 2:07 PM, Shawn Pearce <s...@google.com> wrote:
> > > 2. How can I fix?
> >
> > Use the merge script on the wiki:
> >
> > http://groups.google.com/group/repo-discuss/web/merging-gerrit-user-accounts
>
> The merge script needs some updating...

Updated. Sorry about that...

Mark

unread,
Feb 28, 2011, 11:07:20 AM2/28/11
to Shawn Pearce, Repo and Gerrit Discussion
Is there a latest update for this somewhere now? :)

Philip Stefanov

unread,
Jan 19, 2017, 2:20:50 AM1/19/17
to Repo and Gerrit Discussion, gri...@mitsein.net
Happened today to my database with Gerrit 2.13.4 and LDAP
The merge script is no longer available i found this
Is that still valid/good solution ?

Philip Stefanov

unread,
Jan 20, 2017, 1:49:53 AM1/20/17
to Repo and Gerrit Discussion, gri...@mitsein.net
Ok this is getting worse.. I disabled the second account from Gerrit sh
gerrit set-account --inactive
And now i got two more brand new accounts from the same user...
Looks like each time he login new account been created!
How can i stop this?
bug.jpg

Gustaf Lundh

unread,
Jan 20, 2017, 2:53:22 AM1/20/17
to Philip Stefanov, Repo and Gerrit Discussion, gri...@mitsein.net

I'm guessing some sort of username comparison issue. Maybe casing related?


Are you using auth.userNameToLowerCase? Can you post your ldap/auth settings?


/Gustaf


From: repo-d...@googlegroups.com <repo-d...@googlegroups.com> on behalf of Philip Stefanov <ph.st...@gmail.com>
Sent: Friday, January 20, 2017 7:49 AM
To: Repo and Gerrit Discussion
Cc: gri...@mitsein.net
Subject: Re: duplicate accounts
 
--
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Philip Stefanov

unread,
Jan 20, 2017, 9:22:11 AM1/20/17
to Repo and Gerrit Discussion, ph.st...@gmail.com, gri...@mitsein.net
The sys admin deleted/created the very same account in LDAP 4 times...
meanwhile that guy was trying to login. :)
Thanks for the hint.
Reply all
Reply to author
Forward
0 new messages