Closed
Bug 502738
Opened 15 years ago
Closed 15 years ago
Case-insensitive usernames should be enforced
Categories
(Cloud Services Graveyard :: Server: Sync, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: anant, Assigned: anant)
Details
Attachments
(4 files)
Weave usernames should be case insensitive. We currently do not (completely) ignore case, here is what should be done: 1. Update LDAP master on services.mozilla.com (sm-proxy01) to go through all DNs and update them to be based on the correct uid. 2. Update the weaveserver code to lowercase all incoming usernames before passing them on to storage and authentication modules. 3. Update the mySQL DB to ignore case in its rows so that the calls to the storage module (which was changed in (2)) will return the correct set.
Comment 1•15 years ago
|
||
This should also address Issue #1 in bug #502721.
Assignee | ||
Comment 2•15 years ago
|
||
The registration script on sm-proxy01 should also been updated to generate correct DNs.
Assignee | ||
Comment 3•15 years ago
|
||
Steps 2 and 3 have to be performed by IT because we don't have direct access to the boxes that host the weaveserver code and mySQL DBs.
Comment 4•15 years ago
|
||
Should be run as php get_userlist.php > usernames
Comment 5•15 years ago
|
||
run after get_usernames.php has generated the list
Comment 6•15 years ago
|
||
Note that the two files above have blank usernames, hosts and passwords. You'll need to fill in those constants before running.
Comment 7•15 years ago
|
||
Your blog post mentions that people on the old system would have to sign up for a new account if they didn't remember the case of their username... if they created a new account that used the same username, but a different case, wouldn't that cause duplicates when you try to down-case all of the existing entries?
Comment 8•15 years ago
|
||
I believe we currently case-insensitively check for conflicts, so it's not possible to have multiple users with the same string but different casing. Anant mentioned in our meeting that he's already double checked that there are no conflicts.
Comment 9•15 years ago
|
||
So I'll be on hand for this, but there's actually nothing for me to do. Here's the steps that need to happen on Sunday: 1) Take the two scripts here and put them on one of the frontends (or the master, if it has mysql_client running there). Edit the files to put the username, password and hostname of the mysql master into both scripts. 2) Shut down apache on the 4 front boxes. 3) run php get_userlist.php > usernames_temp (this should take 5-7 minutes) 4) sort userlist_temp > usernames (not strictly necessary, but it'll make progress more obvious) 5) php user_rename.php 6) While 5 is happening, do an hg pull && update on the four frontends. Step 5 could well take an hour+ 7) restart apache. We should be good to go at this point.
Assignee | ||
Comment 10•15 years ago
|
||
This script uses command line LDAP tools to perform the uid/dn changes
Assignee | ||
Comment 11•15 years ago
|
||
This script generates the LDIF required by ldapmodify
Assignee | ||
Updated•15 years ago
|
Attachment #389168 -
Attachment mime type: application/octet-stream → text/plain
Assignee | ||
Updated•15 years ago
|
Attachment #389170 -
Attachment mime type: application/octet-stream → text/plain
Assignee | ||
Comment 12•15 years ago
|
||
Required LDAP changes have been made.
Assignee | ||
Comment 13•15 years ago
|
||
Registration and password change scripts living on sm-proxy01 have been updated.
Comment 14•15 years ago
|
||
Database update complete and webheads restarted. Logs are a little noisy, but nothing catastrophic, and the system is up.
Assignee | ||
Comment 15•15 years ago
|
||
After cleaning up a little hitch in the weaveserver code, looks like we're up and running. Many thanks to Zandr and Toby for spending their Sunday mornings on this :) Will reopen if any regressions are found.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Updated•1 year ago
|
Product: Cloud Services → Cloud Services Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•