LDAP account cannot login and get error message "external ID already in use" after delete account's preferred email
253 views
Skip to first unread message
Boyen
Aug 18, 2020, 10:31:17 AM8/18/20
to Repo and Gerrit Discussion
The gerrit's auth type is LDAP. And gerrit version is 3.1.3.
After delete account's preferred-email by "[1] cmd-set-account", the account cannot login anymore.
ssh -p 29418 gerrit.company.com gerrit set-account --delete-email "ACC...@company.com'" ACCOUNT
According to the error_log & external.ids, it seems that the LDAP account's external.ids have both of ["identity": "username:ACCOUNT"] and ["identity": "gerrit:ACCOUNT"]. When delete account's preferred-email, the external.ids:["identity": "gerrit:ACCOUNT"] is deleted, too. Therefore the ACCOUNT is decided as NEW account due to there is no ["identity": "gerrit:ACCOUNT"] in external.ids. And then gerrit try to create new account, but create fail due to there is ["identity": "username:ACCOUNT"] in external.ids.
com.google.gerrit.server.account.AccountException: Cannot assign external ID "username:ACCOUNT" to account 1000017; external ID already in use.
at com.google.gerrit.server.account.AccountManager.create(AccountManager.java:306)
at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:141)
at com.google.gerrit.httpd.auth.ldap.LdapLoginServlet.doPost(LdapLoginServlet.java:123)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
...snip...
I already do some try, but the LDAP account still cannot login.
Can you please advise, how to solve this issue?
Try1: inactive/active the target account by [1] & [2]
ssh -p 29418 gerrit.company.com gerrit set-account --inactive ACCOUNT
curl --request PUT http://gerrit.company.com:8080/a/accounts/1000003/active
Try2: Add deleted mail back and set it as preferred email
ssh -p 29418 gerrit.company.com gerrit set-account --add-email ACC...@company.com ACCOUNT
ssh -p 29418 gerrit.company.com gerrit set-account --preferred-email ACC...@company.com ACCOUNT
Try3: Rename "mailto:ACC...@company.com" to "gerrit:ACCOUNT" in refs/meta/external-ids
<Download refs/meta/external-ids>
git clone "http://gerrit.company.com:8080/All-Users
cd All-Users
git fetch origin refs/meta/external-ids
git checkout -b refs/meta/external-ids FETCH_HEAD
<Rename "mailto:ACC...@company.com" to "gerrit:ACCOUNT">
echo -n 'gerrit:ACCOUNT' |sha1sum
6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976 -
echo -n 'mailto:ACC...@company.com' |sha1sum
ce74967b7174fa686f39a77faf6fd7820bcf8560 -
mv ce74967b7174fa686f39a77faf6fd7820bcf8560 6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976
Modify 6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976 from '[externalId "mailto:ACC...@company.com"]' to '[externalId "gerrit:ACCOUNT"]'
<push change files>
git add --all
git commit -m "update external-ids"
git push origin refs/meta/external-ids
Try4: Delete account or delete ["identity": "username:ACCOUNT"]. But gerrit v3.1.3 Not Allowed
Refer:
[1] https://gerrit-review.googlesource.com/Documentation/cmd-set-account.html
[2] https://gerrit-review.googlesource.com/Documentation/rest-api-accounts.html
Thanks
Boyen
After delete account's preferred-email by "[1] cmd-set-account", the account cannot login anymore.
ssh -p 29418 gerrit.company.com gerrit set-account --delete-email "ACC...@company.com'" ACCOUNT
According to the error_log & external.ids, it seems that the LDAP account's external.ids have both of ["identity": "username:ACCOUNT"] and ["identity": "gerrit:ACCOUNT"]. When delete account's preferred-email, the external.ids:["identity": "gerrit:ACCOUNT"] is deleted, too. Therefore the ACCOUNT is decided as NEW account due to there is no ["identity": "gerrit:ACCOUNT"] in external.ids. And then gerrit try to create new account, but create fail due to there is ["identity": "username:ACCOUNT"] in external.ids.
error_log as below:
com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'ACCOUNT' failed to sign incom.google.gerrit.server.account.AccountException: Cannot assign external ID "username:ACCOUNT" to account 1000017; external ID already in use.
at com.google.gerrit.server.account.AccountManager.create(AccountManager.java:306)
at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:141)
at com.google.gerrit.httpd.auth.ldap.LdapLoginServlet.doPost(LdapLoginServlet.java:123)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
...snip...
I already do some try, but the LDAP account still cannot login.
Can you please advise, how to solve this issue?
Try1: inactive/active the target account by [1] & [2]
ssh -p 29418 gerrit.company.com gerrit set-account --inactive ACCOUNT
curl --request PUT http://gerrit.company.com:8080/a/accounts/1000003/active
Try2: Add deleted mail back and set it as preferred email
ssh -p 29418 gerrit.company.com gerrit set-account --add-email ACC...@company.com ACCOUNT
ssh -p 29418 gerrit.company.com gerrit set-account --preferred-email ACC...@company.com ACCOUNT
Try3: Rename "mailto:ACC...@company.com" to "gerrit:ACCOUNT" in refs/meta/external-ids
<Download refs/meta/external-ids>
git clone "http://gerrit.company.com:8080/All-Users
cd All-Users
git fetch origin refs/meta/external-ids
git checkout -b refs/meta/external-ids FETCH_HEAD
<Rename "mailto:ACC...@company.com" to "gerrit:ACCOUNT">
echo -n 'gerrit:ACCOUNT' |sha1sum
6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976 -
echo -n 'mailto:ACC...@company.com' |sha1sum
ce74967b7174fa686f39a77faf6fd7820bcf8560 -
mv ce74967b7174fa686f39a77faf6fd7820bcf8560 6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976
Modify 6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976 from '[externalId "mailto:ACC...@company.com"]' to '[externalId "gerrit:ACCOUNT"]'
<push change files>
git add --all
git commit -m "update external-ids"
git push origin refs/meta/external-ids
Try4: Delete account or delete ["identity": "username:ACCOUNT"]. But gerrit v3.1.3 Not Allowed
Refer:
[1] https://gerrit-review.googlesource.com/Documentation/cmd-set-account.html
[2] https://gerrit-review.googlesource.com/Documentation/rest-api-accounts.html
Thanks
Boyen
Luca Milanesio
Aug 18, 2020, 4:40:24 PM8/18/20
to Boyen, Luca Milanesio, Repo and Gerrit Discussion
On 18 Aug 2020, at 10:42, Boyen <Boy...@gmail.com> wrote:The gerrit's auth type is LDAP. And gerrit version is 3.1.3.
After delete account's preferred-email by "[1] cmd-set-account", the account cannot login anymore.
ssh -p 29418 gerrit.company.com gerrit set-account --delete-email "ACC...@company.com'" ACCOUNT
According to the error_log & external.ids, it seems that the LDAP account's external.ids have both of ["identity": "username:ACCOUNT"] and ["identity": "gerrit:ACCOUNT"]. When delete account's preferred-email, the external.ids:["identity": "gerrit:ACCOUNT"] is deleted, too. Therefore the ACCOUNT is decided as NEW account due to there is no ["identity": "gerrit:ACCOUNT"] in external.ids. And then gerrit try to create new account, but create fail due to there is ["identity": "username:ACCOUNT"] in external.ids.
You have hit exactly the bug I raised and fixed a couple of months ago:
If you upgrade to v3.1.5, the problem is resolved.
P.S. As a rule of thumb, always keep the latest patch-level on Gerrit, as we typically fix lots of issues in stable branches.
error_log as below:com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'ACCOUNT' failed to sign in
com.google.gerrit.server.account.AccountException: Cannot assign external ID "username:ACCOUNT" to account 1000017; external ID already in use.
at com.google.gerrit.server.account.AccountManager.create(AccountManager.java:306)
at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:141)
at com.google.gerrit.httpd.auth.ldap.LdapLoginServlet.doPost(LdapLoginServlet.java:123)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
...snip...
I already do some try, but the LDAP account still cannot login.
Can you please advise, how to solve this issue?
Because the removal of the external-id has been done with a commit on the All-Users.git repository, refs/meta/external-ids refs, you can just revert the commit and the problem will be resolved.
For preventing that problem to happen again, *upgrade* please :-)
HTH
Luca.
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/a529cc1c-8df7-409e-905d-2678620c54b2o%40googlegroups.com.
Boyen
Aug 19, 2020, 2:44:00 AM8/19/20
to Repo and Gerrit Discussion
lucamilanesio於 2020年8月19日星期三 UTC+8上午4時40分24秒寫道:
On 18 Aug 2020, at 10:42, Boyen <Boy...@gmail.com> wrote:The gerrit's auth type is LDAP. And gerrit version is 3.1.3.
After delete account's preferred-email by "[1] cmd-set-account", the account cannot login anymore.
ssh -p 29418 gerrit.company.com gerrit set-account --delete-email "ACC...@company.com'" ACCOUNT
According to the error_log & external.ids, it seems that the LDAP account's external.ids have both of ["identity": "username:ACCOUNT"] and ["identity": "gerrit:ACCOUNT"]. When delete account's preferred-email, the external.ids:["identity": "gerrit:ACCOUNT"] is deleted, too. Therefore the ACCOUNT is decided as NEW account due to there is no ["identity": "gerrit:ACCOUNT"] in external.ids. And then gerrit try to create new account, but create fail due to there is ["identity": "username:ACCOUNT"] in external.ids.You have hit exactly the bug I raised and fixed a couple of months ago:If you upgrade to v3.1.5, the problem is resolved.P.S. As a rule of thumb, always keep the latest patch-level on Gerrit, as we typically fix lots of issues in stable branches.error_log as below:com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'ACCOUNT' failed to sign in
com.google.gerrit.server.account.AccountException: Cannot assign external ID "username:ACCOUNT" to account 1000017; external ID already in use.
at com.google.gerrit.server.account.AccountManager.create(AccountManager.java:306)
at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:141)
at com.google.gerrit.httpd.auth.ldap.LdapLoginServlet.doPost(LdapLoginServlet.java:123)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
...snip...
I already do some try, but the LDAP account still cannot login.
Can you please advise, how to solve this issue?Because the removal of the external-id has been done with a commit on the All-Users.git repository, refs/meta/external-ids refs, you can just revert the commit and the problem will be resolved.For preventing that problem to happen again, *upgrade* please :-)HTHLuca.
I revert the commit but the problem do not be resolved.
After revert the commit, the [externalId "gerrit:ACCOUT"] is back.
content of refs/meta/external-ids as below:
----------
cat <sha1sum-1>
[externalId "username:ACCOUT"]
accountId = 1000003
cat <sha1sum-2>
[externalId "gerrit:ACCOUT"]
accountId = 1000003
email = ACC...@company.com
email = ACC...@company.com
----------
But the account still cannot login.
The error message is the same. (Cannot assign external ID "username:ACCOUNT" to account 1000017; external ID already in use.)
And I check the content of external.ids by REST API, there is no ["identity": "gerrit:ACCOUNT"] in external.ids.
content of external.ids as below:
----------
)]}'
[
{
"identity": "username:ACCOUNT",
"trusted": true
}
]
----------
[
{
"identity": "username:ACCOUNT",
"trusted": true
}
]
----------
It looks like "content of external.ids by REST API" and "content of refs/meta/external-ids from All-Users.git" are NOT consistent.
Then I do "[3] flush-caches --all" , "[4] reindex" and "gerrit.sh restart", but the account still cannot login.
Can you please advise, how to solve this issue?
Thanks
Boyen
Try1: inactive/active the target account by [1] & [2]
ssh -p 29418 gerrit.company.com gerrit set-account --inactive ACCOUNT
curl --request PUT http://gerrit.company.com:8080/a/accounts/1000003/active
Try2: Add deleted mail back and set it as preferred email
ssh -p 29418 gerrit.company.com gerrit set-account --add-email ...@company.com ACCOUNT
ssh -p 29418 gerrit.company.com gerrit set-account --preferred-email ...@company.com ACCOUNT
Try3: Rename "mailto:...@company.com" to "gerrit:ACCOUNT" in refs/meta/external-ids
<Download refs/meta/external-ids>
git clone "http://gerrit.company.com:8080/All-Users
cd All-Users
git fetch origin refs/meta/external-ids
git checkout -b refs/meta/external-ids FETCH_HEAD
<Rename "mailto:...@company.com" to "gerrit:ACCOUNT">
echo -n 'gerrit:ACCOUNT' |sha1sum
6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976 -
echo -n 'mailto:...@company.com' |sha1sum
ce74967b7174fa686f39a77faf6fd7820bcf8560 -
mv ce74967b7174fa686f39a77faf6fd7820bcf8560 6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976
Modify 6e5e3b47ad6a8731dc7d05eebfcc7723af7d3976 from '[externalId "mailto:...@company.com"]' to '[externalId "gerrit:ACCOUNT"]'
<push change files>
git add --all
git commit -m "update external-ids"
git push origin refs/meta/external-ids
Try4: Delete account or delete ["identity": "username:ACCOUNT"]. But gerrit v3.1.3 Not Allowed
Refer:
[1] https://gerrit-review.googlesource.com/Documentation/cmd-set-account.html
[2] https://gerrit-review.googlesource.com/Documentation/rest-api-accounts.html
Thanks
Boyen
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-d...@googlegroups.com.
Luca Milanesio
Aug 19, 2020, 3:54:35 AM8/19/20
to Boyen, Luca Milanesio, Repo and Gerrit Discussion
Once you’ve fixed the All-Users.git, you would need to:
- Stop Gerrit
- reindex the accounts
- restart Gerrit.
Luca.
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/b319f04d-cb2c-4b6f-b072-e6452e7a64afo%40googlegroups.com.
Boyen
Aug 19, 2020, 4:55:35 AM8/19/20
to Repo and Gerrit Discussion
lucamilanesio於 2020年8月19日星期三 UTC+8下午3時54分35秒寫道:
I follow your step but the account still cannot login.
The error message is the same.
Detail command as below:
sudo ${GERRIT_PATH}/bin/gerrit.sh stop
sudo java -jar gerrit-3.1.3.war reindex -d ${GERRIT_PATH} --index accounts
sudo ${GERRIT_PATH}/bin/gerrit.sh start
Are my commands wrong?
Can you please advise?
Thanks
Boyen
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/b319f04d-cb2c-4b6f-b072-e6452e7a64afo%40googlegroups.com.
Luca Milanesio
Aug 19, 2020, 5:18:47 AM8/19/20
to Boyen, Luca Milanesio, Repo and Gerrit Discussion
That looks ok. Do you still have the exact same issue?
Can you post the new stack trace?
Luca.
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/84943c81-eba8-40f9-a2bb-08c24b920877o%40googlegroups.com.
Boyen
Aug 19, 2020, 5:55:56 AM8/19/20
to Repo and Gerrit Discussion
lucamilanesio 在 2020年8月19日 星期三下午5:18:47 [UTC+8] 的信中寫道:
Yes, I still have the same issue.
new stack trace as below:
----------
com.google.gerrit.httpd.auth.ldap.LdapLoginServlet :
'ACCOUNT' failed to sign in
com.google.gerrit.server.account.AccountException:
Cannot assign external ID "username:ACCOUNT" to account 1000021;
external ID already in use.
at com.google.gerrit.server.account.AccountManager.create(AccountManager.java:306)
at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:141)
at com.google.gerrit.httpd.auth.ldap.LdapLoginServlet.doPost(LdapLoginServlet.java:123)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:290)
at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:280)
at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:184)
at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:89)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
at com.google.gerrit.httpd.raw.StaticModule$PolyGerritFilter.doFilter(StaticModule.java:436)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.GetUserFilter.doFilter(GetUserFilter.java:92)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.UniversalWebLoginFilter.doFilter(UniversalWebLoginFilter.java:75)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:120)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.SetThreadNameFilter.doFilter(SetThreadNameFilter.java:62)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:133)
at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:135)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:60)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.RequestMetricsFilter.doFilter(RequestMetricsFilter.java:57)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:64)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:121)
at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:56)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:505)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
at java.base/java.lang.Thread.run(Thread.java:834)
at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:290)
at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:280)
at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:184)
at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:89)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
at com.google.gerrit.httpd.raw.StaticModule$PolyGerritFilter.doFilter(StaticModule.java:436)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.GetUserFilter.doFilter(GetUserFilter.java:92)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.UniversalWebLoginFilter.doFilter(UniversalWebLoginFilter.java:75)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:120)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.SetThreadNameFilter.doFilter(SetThreadNameFilter.java:62)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:133)
at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:135)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:60)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.RequestMetricsFilter.doFilter(RequestMetricsFilter.java:57)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:64)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:121)
at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:56)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:505)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
at java.base/java.lang.Thread.run(Thread.java:834)
----------
Thanks
Boyen
BoYen
Sep 1, 2020, 3:10:03 AM9/1/20
to Repo and Gerrit Discussion
Hi Luca,
I try to do "index" by REST API[5], but the account still cannot login.
And I try to delete the account external IDs[6], but fail then show "External id username:ACCOUNT cannot be deleted"
Therefore, the account still cannot login.
The error message still is "Cannot assign external ID "username:ACCOUNT" to account 1000024; external ID already in use."
Can you please advise, how to solve this issue?
error_log as below:
WARN com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'ACCOUNT' failed to sign in
com.google.gerrit.server.account.AccountException: Cannot assign external ID "username:ACCOUNT" to account 1000024; external ID already in use.
com.google.gerrit.server.account.AccountException: Cannot assign external ID "username:ACCOUNT" to account 1000024; external ID already in use.
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
at java.base/java.lang.Thread.run(Thread.java:834)
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/74ad3305-89f8-466b-850d-43a26e4b26a7n%40googlegroups.com.
Luca Milanesio
Sep 1, 2020, 3:35:43 AM9/1/20
to BoYen, Luca Milanesio, Repo and Gerrit Discussion
On 1 Sep 2020, at 08:09, BoYen <boy...@gmail.com> wrote:Hi Luca,I try to do "index" by REST API[5], but the account still cannot login.And I try to delete the account external IDs[6], but fail then show "External id username:ACCOUNT cannot be deleted"
You need to delete the external id on the All-Users.git bare repository, on the server.
After the removal has been done, you would need to reindex the accounts.
HTH
Luca.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/CAKanNZjjVB28X%2BM%3DH7bHj%2BQe%2B5%3D7s_dHathTCXXVZERm8ngsFA%40mail.gmail.com.
Boyen
Sep 6, 2020, 11:35:54 PM9/6/20
to Repo and Gerrit Discussion
Hi Luca,
I try 3 test for this, but all fail.
[Test1]
I delete the external id on the All-Users.git bare repository, on the
server. And then reindex the accounts. But the account still cannot
login.
[Test2] I do "flush-caches --all" before STEP1, but still cannot solve this issue.
[Test3] I change STEP5 to do rename username:ACCOUNT, but still cannot solve this issue.
I list my steps and log as below.
Could you help to confirm the step are correct or not for "Test1"
STEP:
1. sudo /data-gerrit/data/tmp/gerrit03/bin/gerrit.sh stop
2. git clone /data-gerrit/data/tmp/gerrit03/git/All-Users.git
3. cd All-Users
4. git fetch origin refs/meta/external-ids
5. rm fcc13711af17c3718daec0e78a5bf04ad064ca26 (remove username:ACCOUNT external-ids)
6. git add .;git commit -m "remove external-ids"
7. sudo git push origin refs/meta/external-ids
8. sudo java -jar gerrit-3.1.3.war reindex -d /data-gerrit/data/tmp/gerrit03/
--- reindex log ---
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/root/.gerritcodereview/tmp/gerrit_4403882789888702664_app/guice-4.2.2.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2020-09-04 17:45:49,003] [main] INFO com.google.gerrit.server.git.SystemReaderInstaller : Set JGit's SystemReader to read system config from /data-gerrit/data/tmp/gerrit03/etc/jgit.config
[2020-09-04 17:45:49,020] [main] INFO com.google.gerrit.server.git.LocalDiskRepositoryManager : Defaulting core.streamFileThreshold to 1003m
[2020-09-04 17:45:49,765] [main] INFO com.google.gerrit.server.cache.h2.H2CacheFactory : Enabling disk cache /data-gerrit/data/tmp/gerrit03/cache
[2020-09-04 17:45:49,867] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'WorkQueue' queue
[2020-09-04 17:45:49,872] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'Index-Interactive' queue
[2020-09-04 17:45:49,875] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'Index-Batch' queue
[2020-09-04 17:45:49,914] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'ReceiveCommits' queue
[2020-09-04 17:45:49,915] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'SendEmail' queue
[2020-09-04 17:45:49,962] [main] INFO com.google.gerrit.server.rules.PrologEnvironment : reductionLimit: 100000, compileLimit: 1000000
[2020-09-04 17:45:50,361] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loading plugins from /data-gerrit/data/tmp/gerrit03/plugins
[2020-09-04 17:45:50,415] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin codemirror-editor, version v3.1.3
[2020-09-04 17:45:50,432] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin commit-message-length-validator, version v3.1.3
[2020-09-04 17:45:50,446] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin delete-project, version v3.1.3
[2020-09-04 17:45:50,458] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin download-commands, version v3.1.3
[2020-09-04 17:45:50,474] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin gitiles, version v3.1.3
[2020-09-04 17:45:50,486] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin hooks, version v3.1.3
[2020-09-04 17:45:50,503] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin plugin-manager, version v3.1.3
[2020-09-04 17:45:50,521] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin replication, version v3.1.3
[2020-09-04 17:45:50,536] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin reviewnotes, version v3.1.3
[2020-09-04 17:45:50,550] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin singleusergroup, version v3.1.3
[2020-09-04 17:45:50,562] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin webhooks, version v3.1.3
Collecting accounts: 4
Reindexing accounts: 100% (4/4)
Reindexed 4 documents in accounts index in 0.4s (10.2/s)
Reindexing groups: 100% (2/2)
Reindexed 2 documents in groups index in 0.1s (35.7/s)
Collecting projects: 2
Reindexing changes: projects: 100% (2/2), done
Reindexed 0 documents in changes index in 0.0s (0.0/s)
Reindexing projects: 100% (2/2)
Reindexed 2 documents in projects index in 0.1s (23.0/s)
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin replication, version v3.1.3
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin codemirror-editor, version v3.1.3
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin commit-message-length-validator, version v3.1.3
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin gitiles, version v3.1.3
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin webhooks, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin reviewnotes, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin download-commands, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin delete-project, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin plugin-manager, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin singleusergroup, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin hooks, version v3.1.3
[2020-09-04 17:45:51,535] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_replication_200904_1745_2475531113373819422.jar
[2020-09-04 17:45:51,535] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_codemirror-editor_200904_1745_13471213477338693009.jar
[2020-09-04 17:45:51,535] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_commit-message-length-validator_200904_1745_10969826295789790927.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_gitiles_200904_1745_17470567603860828808.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_webhooks_200904_1745_11365758418870116071.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_reviewnotes_200904_1745_123539205913116992.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_download-commands_200904_1745_5294912619856246212.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_delete-project_200904_1745_11395716494132811064.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_plugin-manager_200904_1745_2432374579954859927.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_singleusergroup_200904_1745_9729880038585031236.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_hooks_200904_1745_936402010121761547.jar
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/root/.gerritcodereview/tmp/gerrit_4403882789888702664_app/guice-4.2.2.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2020-09-04 17:45:49,003] [main] INFO com.google.gerrit.server.git.SystemReaderInstaller : Set JGit's SystemReader to read system config from /data-gerrit/data/tmp/gerrit03/etc/jgit.config
[2020-09-04 17:45:49,020] [main] INFO com.google.gerrit.server.git.LocalDiskRepositoryManager : Defaulting core.streamFileThreshold to 1003m
[2020-09-04 17:45:49,765] [main] INFO com.google.gerrit.server.cache.h2.H2CacheFactory : Enabling disk cache /data-gerrit/data/tmp/gerrit03/cache
[2020-09-04 17:45:49,867] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'WorkQueue' queue
[2020-09-04 17:45:49,872] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'Index-Interactive' queue
[2020-09-04 17:45:49,875] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'Index-Batch' queue
[2020-09-04 17:45:49,914] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'ReceiveCommits' queue
[2020-09-04 17:45:49,915] [main] INFO com.google.gerrit.server.git.WorkQueue : Adding metrics for 'SendEmail' queue
[2020-09-04 17:45:49,962] [main] INFO com.google.gerrit.server.rules.PrologEnvironment : reductionLimit: 100000, compileLimit: 1000000
[2020-09-04 17:45:50,361] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loading plugins from /data-gerrit/data/tmp/gerrit03/plugins
[2020-09-04 17:45:50,415] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin codemirror-editor, version v3.1.3
[2020-09-04 17:45:50,432] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin commit-message-length-validator, version v3.1.3
[2020-09-04 17:45:50,446] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin delete-project, version v3.1.3
[2020-09-04 17:45:50,458] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin download-commands, version v3.1.3
[2020-09-04 17:45:50,474] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin gitiles, version v3.1.3
[2020-09-04 17:45:50,486] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin hooks, version v3.1.3
[2020-09-04 17:45:50,503] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin plugin-manager, version v3.1.3
[2020-09-04 17:45:50,521] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin replication, version v3.1.3
[2020-09-04 17:45:50,536] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin reviewnotes, version v3.1.3
[2020-09-04 17:45:50,550] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin singleusergroup, version v3.1.3
[2020-09-04 17:45:50,562] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin webhooks, version v3.1.3
Collecting accounts: 4
Reindexing accounts: 100% (4/4)
Reindexed 4 documents in accounts index in 0.4s (10.2/s)
Reindexing groups: 100% (2/2)
Reindexed 2 documents in groups index in 0.1s (35.7/s)
Collecting projects: 2
Reindexing changes: projects: 100% (2/2), done
Reindexed 0 documents in changes index in 0.0s (0.0/s)
Reindexing projects: 100% (2/2)
Reindexed 2 documents in projects index in 0.1s (23.0/s)
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin replication, version v3.1.3
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin codemirror-editor, version v3.1.3
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin commit-message-length-validator, version v3.1.3
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin gitiles, version v3.1.3
[2020-09-04 17:45:51,491] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin webhooks, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin reviewnotes, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin download-commands, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin delete-project, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin plugin-manager, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin singleusergroup, version v3.1.3
[2020-09-04 17:45:51,492] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Unloading plugin hooks, version v3.1.3
[2020-09-04 17:45:51,535] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_replication_200904_1745_2475531113373819422.jar
[2020-09-04 17:45:51,535] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_codemirror-editor_200904_1745_13471213477338693009.jar
[2020-09-04 17:45:51,535] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_commit-message-length-validator_200904_1745_10969826295789790927.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_gitiles_200904_1745_17470567603860828808.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_webhooks_200904_1745_11365758418870116071.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_reviewnotes_200904_1745_123539205913116992.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_download-commands_200904_1745_5294912619856246212.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_delete-project_200904_1745_11395716494132811064.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_plugin-manager_200904_1745_2432374579954859927.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_singleusergroup_200904_1745_9729880038585031236.jar
[2020-09-04 17:45:51,536] [main] INFO com.google.gerrit.server.plugins.CleanupHandle : Cleaned plugin plugin_hooks_200904_1745_936402010121761547.jar
----------------------
9. sudo /data-gerrit/data/tmp/gerrit03/bin/gerrit.sh start
10. login account but fail, error_log as below:
--- error_log ---
[2020-09-04 17:46:58,209] [HTTP POST /login/%2Fdashboard%2Fself (N/A from 10.99.1.130)] WARN com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'ACCOUNT' failed to sign in
com.google.gerrit.server.account.AccountException: Cannot assign external ID "username:ACCOUNT" to account 1000004; external ID already in use.
com.google.gerrit.server.account.AccountException: Cannot assign external ID "username:ACCOUNT" to account 1000004; external ID already in use.
--------------------
NOTE:
I re-install gerrit to other folder and delete mail to reproduce this
issue then do this test. Therefore number of accounts is 4.
Thanks
Boyen
lucamilanesio 在 2020年9月1日 星期二下午3:35:43 [UTC+8] 的信中寫道:
Boyen
Oct 28, 2020, 5:14:19 AM10/28/20
to Repo and Gerrit Discussion
Hi Luca,
Can you please advise how to solve this issue?
Thanks
Boyen 在 2020年9月7日 星期一上午11:35:54 [UTC+8] 的信中寫道:
Luca Milanesio
Oct 28, 2020, 5:34:54 AM10/28/20
to Boyen, Luca Milanesio, Repo and Gerrit Discussion
On 28 Oct 2020, at 09:14, Boyen <boy...@gmail.com> wrote:Hi Luca,Can you please advise how to solve this issue?ThanksBoyen 在 2020年9月7日 星期一上午11:35:54 [UTC+8] 的信中寫道:Hi Luca,I try 3 test for this, but all fail.[Test1] I delete the external id on the All-Users.git bare repository, on the server. And then reindex the accounts. But the account still cannot login.[Test2] I do "flush-caches --all" before STEP1, but still cannot solve this issue.[Test3] I change STEP5 to do rename username:ACCOUNT, but still cannot solve this issue.I list my steps and log as below.Could you help to confirm the step are correct or not for "Test1"STEP:1. sudo /data-gerrit/data/tmp/gerrit03/bin/gerrit.sh stop2. git clone /data-gerrit/data/tmp/gerrit03/git/All-Users.git3. cd All-Users4. git fetch origin refs/meta/external-ids5. rm fcc13711af17c3718daec0e78a5bf04ad064ca26 (remove username:ACCOUNT external-ids)
I am not sure that you are making all the required steps for the change.
When you do ‘git fetch origin refs/meta/external-ids’ then you have the objects in the FETCH_HEAD magic ref, but that isn’t checked out.
You need to do a ‘git checkout FETCH_HEAD'
6. git add .;git commit -m "remove external-ids"7. sudo git push origin refs/meta/external-ids
The push isn’t doing what you think: applying your local changes to the server isn’t going to happen in this way.
You should do a ‘git push origin HEAD:refs/meta/external-ids’
HTH
Luca.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/d54d6a72-75d5-4eb6-994c-4bd2adda6231n%40googlegroups.com.
Boyen
Nov 10, 2020, 1:49:12 AM11/10/20
to Repo and Gerrit Discussion
Hi Luca,
After follow your command, this issue is solved. Thanks a lot.
Update the correct step as below:
1. sudo /data-gerrit/data/tmp/gerrit03/bin/gerrit.sh stop
2. git clone /data-gerrit/data/tmp/gerrit03/git/All-Users.git
3. cd All-Users
4. git fetch origin refs/meta/external-ids
5. git checkout FETCH_HEAD
6. rm fcc13711af17c3718daec0e78a5bf04ad064ca26 (remove username:ACCOUNT external-ids)
7. git add .;git commit -m "remove external-ids"
8. git push origin HEAD:refs/meta/external-ids
9. sudo java -jar gerrit-3.1.3.war reindex -d /data-gerrit/data/tmp/gerrit03/
10. sudo /data-gerrit/data/tmp/gerrit03/bin/gerrit.sh start
Thanks
lucamilanesio 在 2020年10月28日 星期三下午5:34:54 [UTC+8] 的信中寫道:
davidch...@gmail.com
Nov 10, 2020, 1:57:11 AM11/10/20
to Repo and Gerrit Discussion
Hi Boyen,
Did you try deleting external ID using REST API.? We delete the external ID and then make old account inactive. It helps us to fix this kind of issues with LDAP accounts.
Reference link : https://groups.google.com/g/repo-discuss/c/qvrutNfEsx4/m/Qf0rE1O7BQAJ
Gerrit version is 2.16.22
Regards,
Reference link : https://groups.google.com/g/repo-discuss/c/qvrutNfEsx4/m/Qf0rE1O7BQAJ
Gerrit version is 2.16.22
Regards,
Challs
Luca Milanesio
Nov 10, 2020, 4:47:09 AM11/10/20
to davidch...@gmail.com, Luca Milanesio, Repo and Gerrit Discussion
> On 10 Nov 2020, at 06:57, davidch...@gmail.com <davidch...@gmail.com> wrote:
>
> Hi Boyen,
>
> Did you try deleting external ID using REST API.? We delete the external ID and then make old account inactive. It helps us to fix this kind of issues with LDAP accounts.
>
> Reference link : https://groups.google.com/g/repo-discuss/c/qvrutNfEsx4/m/Qf0rE1O7BQAJ
Or, alternatively, you need to have the MODIFY_ACCOUNT global capability permission.
Luca.
elzoc...@gmail.com
Nov 18, 2020, 9:53:12 AM11/18/20
to Repo and Gerrit Discussion
Hi,
Thanks for adding those steps, will need to try that soon, have a few problematic ids with uppercases....
quick questions:
Does the gerrit server need to be stopped when the push happens ?
Is a full offline reindex needed? wouldn't a reindex of the accounts be enough? and maybe even an online one?
If the server needs to be stopped, is it the case for the replicas too? (our replica is using the same NFS git/ folder mounted as read-only and the review data is updated via the high-availability plugin)
Many thanks,
Cedric.
Reply all
Reply to author
Forward
0 new messages