Last Comment Bug 502738 - Case-insensitive usernames should be enforced
: Case-insensitive usernames should be enforced
Product: Cloud Services
Classification: Client Software
Component: Server: Sync (show other bugs)
: unspecified
: x86 Mac OS X
: -- normal (vote)
: ---
Assigned To: Anant Narayanan [:anant]
Depends on:
  Show dependency treegraph
Reported: 2009-07-06 15:53 PDT by Anant Narayanan [:anant]
Modified: 2009-07-19 13:07 PDT (History)
11 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

php code to grab the users with uppercase letters (476 bytes, text/plain)
2009-07-13 15:04 PDT, Toby Elliott [:telliott]
no flags Details
Takes the users in "usernames" and lowercases them in the db (555 bytes, text/plain)
2009-07-13 15:05 PDT, Toby Elliott [:telliott]
no flags Details
LDAP Migration Script (441 bytes, text/plain)
2009-07-17 11:41 PDT, Anant Narayanan [:anant]
no flags Details
LDIF Generation Script (932 bytes, text/plain)
2009-07-17 11:42 PDT, Anant Narayanan [:anant]
no flags Details

Description Anant Narayanan [:anant] 2009-07-06 15:53:42 PDT
Weave usernames should be case insensitive. We currently do not (completely) ignore case, here is what should be done:

1. Update LDAP master on (sm-proxy01) to go through all DNs and update them to be based on the correct uid.

2. Update the weaveserver code to lowercase all incoming usernames before passing them on to storage and authentication modules.

3. Update the mySQL DB to ignore case in its rows so that the calls to the storage module (which was changed in (2)) will return the correct set.
Comment 1 Ragavan S [:rags] 2009-07-06 16:11:52 PDT
This should also address Issue #1 in bug #502721.
Comment 2 Anant Narayanan [:anant] 2009-07-13 14:14:59 PDT
The registration script on sm-proxy01 should also been updated to generate correct DNs.
Comment 3 Anant Narayanan [:anant] 2009-07-13 15:03:49 PDT
Steps 2 and 3 have to be performed by IT because we don't have direct access to the boxes that host the weaveserver code and mySQL DBs.
Comment 4 Toby Elliott [:telliott] 2009-07-13 15:04:29 PDT
Created attachment 388334 [details]
php code to grab the users with uppercase letters

Should be run as 

php get_userlist.php > usernames
Comment 5 Toby Elliott [:telliott] 2009-07-13 15:05:28 PDT
Created attachment 388336 [details]
Takes the users in "usernames" and lowercases them in the db

run after get_usernames.php has generated the list
Comment 6 Toby Elliott [:telliott] 2009-07-13 15:06:12 PDT
Note that the two files above have blank usernames, hosts and passwords. You'll need to fill in those constants before running.
Comment 7 Dave Miller [:justdave] ( 2009-07-15 22:21:06 PDT
Your blog post mentions that people on the old system would have to sign up for a new account if they didn't remember the case of their username...  if they created a new account that used the same username, but a different case, wouldn't that cause duplicates when you try to down-case all of the existing entries?
Comment 8 Ed Lee :Mardak 2009-07-15 22:33:18 PDT
I believe we currently case-insensitively check for conflicts, so it's not possible to have multiple users with the same string but different casing. Anant mentioned in our meeting that he's already double checked that there are no conflicts.
Comment 9 Toby Elliott [:telliott] 2009-07-17 11:01:33 PDT
So I'll be on hand for this, but there's actually nothing for me to do. Here's the steps that need to happen on Sunday:

1) Take the two scripts here and put them on one of the frontends (or the master, if it has mysql_client running there). Edit the files to put the username, password and hostname of the mysql master into both scripts.

2) Shut down apache on the 4 front boxes.

3) run php get_userlist.php > usernames_temp  (this should take 5-7 minutes)

4) sort userlist_temp > usernames (not strictly necessary, but it'll make progress more obvious)

5) php user_rename.php

6) While 5 is happening, do an hg pull && update on the four frontends. Step 5 could well take an hour+

7) restart apache. We should be good to go at this point.
Comment 10 Anant Narayanan [:anant] 2009-07-17 11:41:33 PDT
Created attachment 389168 [details]
LDAP Migration Script

This script uses command line LDAP tools to perform the uid/dn changes
Comment 11 Anant Narayanan [:anant] 2009-07-17 11:42:50 PDT
Created attachment 389170 [details]
LDIF Generation Script

This script generates the LDIF required by ldapmodify
Comment 12 Anant Narayanan [:anant] 2009-07-19 10:17:51 PDT
Required LDAP changes have been made.
Comment 13 Anant Narayanan [:anant] 2009-07-19 10:18:21 PDT
Registration and password change scripts living on sm-proxy01 have been updated.
Comment 14 Zandr Milewski [:zandr] 2009-07-19 12:18:16 PDT
Database update complete and webheads restarted.

Logs are a little noisy, but nothing catastrophic, and the system is up.
Comment 15 Anant Narayanan [:anant] 2009-07-19 13:07:37 PDT
After cleaning up a little hitch in the weaveserver code, looks like we're up and running. Many thanks to Zandr and Toby for spending their Sunday mornings on this :)

Will reopen if any regressions are found.

Note You need to log in before you can comment on or make changes to this bug.