Switching from ldap auth to oauth auth.

[crlf...@gmail.com]

Hello, we currently have a gerrit 3.x instance in production, and we're currently using ldap auth. 

Recently we're planning to migrate from ldap auth to oauth auth. However it seems there're not any existing tools for this migration. I wonder if this migration can be done by some script? What would such a script look like?

Thanks!

[Luca Milanesio]

On 21 Jun 2021, at 09:55, crlf...@gmail.com <crlf...@gmail.com> wrote:

Hello, we currently have a gerrit 3.x instance in production, and we're currently using ldap auth. 

Recently we're planning to migrate from ldap auth to oauth auth.

What do you mean by “migrate”? I guess you want to keep all the existing accounts and their profiles?

What OAuth are you connecting to?

However it seems there're not any existing tools for this migration. I wonder if this migration can be done by some script? What would such a script look like?

It really depends on the queries above.

Luca.

Thanks!

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/fe4941ea-9176-4d8e-a61a-f27b4ca000b0n%40googlegroups.com.

[crlf...@gmail.com]

Thank you for your reply!

By "migrate", i mean keeping all the existing accounts, their profiles and their previous review comments etc.

The existing ldap auth and new oauth auth are using exactly the same set of email addresses.

> What OAuth are you connecting to?

It's microsoft 365, which uses azure ad auth service.

Charles

[Makson Lee]

we have similar situation, we are trying to switch from ldap auth to keycloak oauth which backend  is the same ldap server, don't want to create new accounts.

On Tuesday, June 22, 2021 at 6:24:26 AM UTC+8 lucamilanesio wrote:

[crlf...@gmail.com]

Hello, could someone give some advices about performing for this switch?

This is currently the only blocking issue for us...

And by the way, is it better to ask this question in Slack channel?

Thanks!

[Vacelet, Manuel]

On Mon, Jul 5, 2021 at 10:17 AM crlf...@gmail.com <crlf...@gmail.com> wrote:

Hello, could someone give some advices about performing for this switch?

This is currently the only blocking issue for us...

And by the way, is it better to ask this question in Slack channel?

Thanks!

On Saturday, June 26, 2021 at 6:01:43 PM UTC+8 cdle...@gmail.com wrote:

we have similar situation, we are trying to switch from ldap auth to keycloak oauth which backend  is the same ldap server, don't want to create new accounts.

On Tuesday, June 22, 2021 at 6:24:26 AM UTC+8 lucamilanesio wrote:

On 21 Jun 2021, at 09:55, crlf...@gmail.com <crlf...@gmail.com> wrote:

Hello, we currently have a gerrit 3.x instance in production, and we're currently using ldap auth. 

Recently we're planning to migrate from ldap auth to oauth auth.

What do you mean by “migrate”? I guess you want to keep all the existing accounts and their profiles?

What OAuth are you connecting to?

However it seems there're not any existing tools for this migration. I wonder if this migration can be done by some script? What would such a script look like?

It really depends on the queries above.

Luca.

We are about to be in the same situation (more or less because we need to contribute a generic oauth connector first https://github.com/davido/gerrit-oauth-provider/issues/134).

Is there a solution for this problem or will we have to merge accounts https://gerrit.googlesource.com/homepage/+/md-pages/docs/SqlMergeUserAccounts.md ?

There ia a mention of managing multiple identities in the documentation but that seems linked to old OpenID https://gerrit.tuleap.net/Documentation/config-sso.html#_multiple_identities

Any advice would be welcomed,

Thanks,

Manuel