Issue with LDAP Authentication

robi...@e2eservices.co.uk

unread,

Mar 28, 2018, 6:04:58 AM3/28/18

to Repo and Gerrit Discussion

Hello,

I've been using Gerrit with LDAP for quite awhile now with no issues, but suddenly one user seems to be unable to authenticate with Gerrit.

When they first logged in it all worked fine, but all subsequent attempts lead to an error in the logs

[2018-03-28 10:58:17,486] [HTTP-470] INFO  com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'warrenmay' failed to sign in: Authentication error
[2018-03-28 10:58:19,041] [HTTP-475] ERROR com.google.gerrit.server.account.AccountManager : Cannot assign user name "warrenmay" to account 1000038; name already in use.

I have no idea why this is happening or how to fix it.

Any suggestions or ways to debug this issue further would be appreciated.

Robin

Luca Milanesio

unread,

Mar 28, 2018, 6:07:17 AM3/28/18

to robi...@e2eservices.co.uk, Luca Milanesio, Repo and Gerrit Discussion

Have you recently upgraded to Gerrit 2.14? If yes, which exact version?

Luca.

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

robi...@e2eservices.co.uk

unread,

Mar 28, 2018, 6:10:38 AM3/28/18

to Repo and Gerrit Discussion

Not recently, but I don't think he's signed in since the upgrade.

However we have had someone else login with no issues.

Currently running: 2.14.5.1

On Wednesday, March 28, 2018 at 11:07:17 AM UTC+1, lucamilanesio wrote:

Have you recently upgraded to Gerrit 2.14? If yes, which exact version?

Luca.

On 28 Mar 2018, at 11:04, robi...@e2eservices.co.uk wrote:

Hello,

I've been using Gerrit with LDAP for quite awhile now with no issues, but suddenly one user seems to be unable to authenticate with Gerrit.

When they first logged in it all worked fine, but all subsequent attempts lead to an error in the logs

[2018-03-28 10:58:17,486] [HTTP-470] INFO com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'warrenmay' failed to sign in: Authentication error [2018-03-28 10:58:19,041] [HTTP-475] ERROR com.google.gerrit.server.account.AccountManager : Cannot assign user name "warrenmay" to account 1000038; name already in use.

I have no idea why this is happening or how to fix it.

Any suggestions or ways to debug this issue further would be appreciated.

Robin

--
--

To unsubscribe, email repo-disc...@googlegroups.com

Luca Milanesio

unread,

Mar 28, 2018, 6:15:34 AM3/28/18

to robi...@e2eservices.co.uk, Luca Milanesio, Repo and Gerrit Discussion

On 28 Mar 2018, at 11:10, robi...@e2eservices.co.uk wrote:

Not recently, but I don't think he's signed in since the upgrade.

However we have had someone else login with no issues.

Currently running: 2.14.5.1

You should upgrade to 2.14.7 because issues *specific* to this problem have been resolved, or at least work-arounded ;-)

P.S. The current user would need to be fixed manually anyway, he ended up with inconsistent external ids :-(

Luca.

To unsubscribe, email repo-discuss...@googlegroups.com

robi...@e2eservices.co.uk

unread,

Mar 28, 2018, 6:20:05 AM3/28/18

to Repo and Gerrit Discussion

Ok will try and do that today.

I guess this is a case of editing the database to drop references to this user and the reindexing gerrit.. (Accounts and those that reference that table)

Thanks

To unsubscribe, email repo-disc...@googlegroups.com

robi...@e2eservices.co.uk

unread,

Mar 29, 2018, 9:24:48 AM3/29/18

to Repo and Gerrit Discussion

I've updated to 2.15, and it's improved things slightly but we're still having authentication issues;

[2018-03-29 11:52:16,885] [HTTP-279] INFO  com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'Warrenmay' failed to sign in: Authentication error, account inactive

If i look back in the log I can see it 'repairing' the account

[2018-03-29 11:34:56,061] [HTTP-285] WARN  com.google.gerrit.server.account.AccountManager : User warrenmay already has an account; link new identity to the existing account.
[2018-03-29 11:34:56,062] [HTTP-285] INFO  com.google.gerrit.server.account.AccountManager : Link another authentication identity to an existing account
[2018-03-29 11:34:56,062] [HTTP-285] INFO  com.google.gerrit.server.account.AccountManager : Linking new external ID to the existing account

If I try to use the REST API to set the account to active I get an `account not found`

If i just get the account, we can see that all the information is missing

{
    "_account_id": 1000023
}

No idea how to recover from this, any thoughts would be appreciated

On Wednesday, March 28, 2018 at 11:15:34 AM UTC+1, lucamilanesio wrote:

To unsubscribe, email repo-disc...@googlegroups.com

Reply all

Reply to author

Forward