Closed Bug 502738 Opened 15 years ago Closed 15 years ago

Case-insensitive usernames should be enforced

Categories

(Cloud Services Graveyard :: Server: Sync, defect)

Product:
Cloud Services Graveyard
Component:
Server: Sync
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: anant, Assigned: anant)

Details

Attachments

(4 files)

php code to grab the users with uppercase letters
476 bytes, text/plain
Details
Takes the users in "usernames" and lowercases them in the db
555 bytes, text/plain
Details
LDAP Migration Script
441 bytes, text/plain
Details
LDIF Generation Script
932 bytes, text/plain
Details 
Weave usernames should be case insensitive. We currently do not (completely) ignore case, here is what should be done:

1. Update LDAP master on services.mozilla.com (sm-proxy01) to go through all DNs and update them to be based on the correct uid.

2. Update the weaveserver code to lowercase all incoming usernames before passing them on to storage and authentication modules.

3. Update the mySQL DB to ignore case in its rows so that the calls to the storage module (which was changed in (2)) will return the correct set.
This should also address Issue #1 in bug #502721.
The registration script on sm-proxy01 should also been updated to generate correct DNs.
Steps 2 and 3 have to be performed by IT because we don't have direct access to the boxes that host the weaveserver code and mySQL DBs.
Should be run as 

php get_userlist.php > usernames
run after get_usernames.php has generated the list
Note that the two files above have blank usernames, hosts and passwords. You'll need to fill in those constants before running.
Your blog post mentions that people on the old system would have to sign up for a new account if they didn't remember the case of their username...  if they created a new account that used the same username, but a different case, wouldn't that cause duplicates when you try to down-case all of the existing entries?
I believe we currently case-insensitively check for conflicts, so it's not possible to have multiple users with the same string but different casing. Anant mentioned in our meeting that he's already double checked that there are no conflicts.
So I'll be on hand for this, but there's actually nothing for me to do. Here's the steps that need to happen on Sunday:

1) Take the two scripts here and put them on one of the frontends (or the master, if it has mysql_client running there). Edit the files to put the username, password and hostname of the mysql master into both scripts.

2) Shut down apache on the 4 front boxes.

3) run php get_userlist.php > usernames_temp  (this should take 5-7 minutes)

4) sort userlist_temp > usernames (not strictly necessary, but it'll make progress more obvious)

5) php user_rename.php

6) While 5 is happening, do an hg pull && update on the four frontends. Step 5 could well take an hour+

7) restart apache. We should be good to go at this point.
Attached file LDAP Migration Script 
This script uses command line LDAP tools to perform the uid/dn changes
Attached file LDIF Generation Script 
This script generates the LDIF required by ldapmodify
Attachment #389168 - Attachment mime type: application/octet-stream → text/plain
Attachment #389170 - Attachment mime type: application/octet-stream → text/plain
Required LDAP changes have been made.
Registration and password change scripts living on sm-proxy01 have been updated.
Database update complete and webheads restarted.

Logs are a little noisy, but nothing catastrophic, and the system is up.
After cleaning up a little hitch in the weaveserver code, looks like we're up and running. Many thanks to Zandr and Toby for spending their Sunday mornings on this :)

Will reopen if any regressions are found.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Product: Cloud Services → Cloud Services Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: