Move from LDAP to Azure SSO Via Gerrit server - Using plugins/gerrit-oauth-provider

Guy Levkowitz

Dec 31, 2025, 3:38:33 AM
to Repo and Gerrit Discussion
Hey

I understand that there is no straightforward way to achieve this when we already have many users who have been using Gerrit with LDAP authentication up to now.  
What is needed:
git clone All-Users  (repo)
cd All-Users/
git fetch origin refs/meta/external-ids:refs/meta/external-ids
git checkout refs/meta/external-ids
Find the user that we want to define for Azure and create an entry for him for Azure, like this.
In bash (you need to know the Azure object ID for the user before doing this action, plus the ID of the user in Gerrit):
echo -n "azure-oauth:<AZURE-OBJECT-ID-FOR-The-User>" | sha1sum

echo -n "azure-oauth:8a048f54-a0cc-4537-bb5b-3f540a2dbd72" | sha1sum
918d604e3cacdf92c3ba56415c379a19a3fd47ba  -

Take the output and run:
echo -e "[externalId \"azure-oauth:8a048f54-a0cc-4537-bb5b-3f540a2dbd72\"]\n\taccountId = 1000044\n\temail = guy...@domain.com" > 918d604e3cacdf92c3ba56415c379a19a3fd47ba


This will give a new entry file:
cat 918d604e3cacdf92c3ba56415c379a19a3fd47ba
[externalId "azure-oauth:8a048f54-a0cc-4537-bb5b-3f540a2dbd72"]
        accountId = 1000044
        email = guy...@domain.com

This needs to be done for all users.

My question is also related to groups. We currently have several groups defined using LDAP, for example: ldap/RND-Users. With Azure-based authentication, is there a way to use or map Azure AD groups to Gerrit groups in a similar manner?  

Currently, with authentication via Azure, we are unable to use it directly. Is there any alternative way to leverage our Azure AD groups and map them to Gerrit groups?  

Thanks
Guy
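
The per-user steps in the post above, looped over a mapping file, as an added example that is not part of the original post or of Gerrit itself. The CSV layout and the function names `write_external_id` and `migrate_csv` are assumptions; each row is validated and an existing entry is never overwritten, because a wrong mapping would link an Azure identity to someone else's Gerrit account.

```shell
#!/bin/sh
# Added example: bulk version of the manual steps in the post.
# CSV layout (an assumption of this sketch): accountId,azureObjectId,email

# write_external_id DIR ACCOUNT_ID OBJECT_ID EMAIL
# Body is a ( ) subshell: variables stay local and `exit` only leaves the function.
write_external_id() (
  dir=$1 account_id=$2 object_id=$3 email=$4
  # A malformed row would link the wrong identity to an account, so reject it.
  case $account_id in
    ''|*[!0-9]*) echo "bad accountId: $account_id" >&2; exit 1 ;;
  esac
  printf '%s\n' "$object_id" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' ||
    { echo "bad object id: $object_id" >&2; exit 1; }
  key="azure-oauth:$object_id"
  # File name = SHA-1 of the external ID key, as in the post.
  name=$(printf '%s' "$key" | sha1sum | cut -d' ' -f1)
  # Never overwrite: an existing file means this identity is already linked.
  if [ -e "$dir/$name" ]; then
    echo "already linked: $key" >&2
    exit 1
  fi
  printf '[externalId "%s"]\n\taccountId = %s\n\temail = %s\n' \
    "$key" "$account_id" "$email" > "$dir/$name"
  printf '%s\n' "$name"
)

# migrate_csv DIR CSV: process every row, keep going on errors, print a summary.
# Returns non-zero if any row was rejected.
migrate_csv() (
  dir=$1 csv=$2 written=0 failed=0
  while IFS=, read -r account_id object_id email || [ -n "$account_id" ]; do
    case $account_id in ''|'#'*) continue ;; esac
    if write_external_id "$dir" "$account_id" "$object_id" "$email" >/dev/null; then
      written=$((written + 1))
    else
      failed=$((failed + 1))
    fi
  done < "$csv"
  echo "written=$written failed=$failed"
  [ "$failed" -eq 0 ]
)
```

Run `migrate_csv` with the checked-out `refs/meta/external-ids` working tree as the directory, then review `git status` and the summary line before committing anything.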




