Page MenuHomePhabricator

Change LDAP cn to something more useful (was Rename "Dzahn" to "Daniel Zahn" in Gerrit)
Open, LowPublic

Description

I would like to change my name in Gerrit from "Dzahn" to "Daniel Zahn" and just use First Last like others in the team do.

But only if i can also change the entire history, i think i'd rather not if it means older commits are under a different name.

Am i on my own or would anyone help who did it before ? Who did?


@hashar wrote:

TL;DR: have your wikitech account renamed to "Daniel Zahn" to update your LDAP cn which is used as the displayed name in Gerrit.


+ @laner who wrote the LdapAuthentication extension, created labs and installed Gerrit
+ @faidon with whom I talked about it (iirc)
+ @demon who is cursed as Gerrit maintainer

Blame LDAP and our original Gerrit configuration. I proposed a patch to change the field Gerrit uses from LDAP for the account in April 2012 at https://gerrit.wikimedia.org/r/#/c/4166/ where I proposed to use the unique identifier to authenticate instead of the cn which is the wiki account:

-accountPattern = (&(objectClass=person)(cn=${username}))
+accountPattern = (&(objectClass=person)(uid=${username}))
 accountFullName = cn  # used by Gerrit for display purposes
This way someone with:
  uid: brion
  cn:  Brion Vibber
Will be able to log in gerrit using 'brion' and will have for realname
'Brion Vibber' whenever a merge is done on his behalf by Gerrit.

cn comes from the wikitech login. The proposed change was rejected since people would have to login in Gerrit with their shell account and most users would want different things as shell and wiki account.

For display purposes, Gerrit uses cn:

[ldap]
accountFullName = cn

So, for now, the only way is to change your labs account on Wikitech from Dzahn to Daniel Zahn and use the later to login on wikitech (and other ldap backed sites). That will change the cn and update your full name.

Your LDAP account has:

uid: dzahn  # shell account
cn: Dzahn  # shown in Gerrit as full name

Mine:

uid: hashar  # shell account
cn: Hashar   # shown in Gerrit as full name week

So the root cause is we lack something to express the common name in MediaWiki. The wiki signature contains wiki which is not ideal. Lot of people use their common name as a wikitech login (and then it is displayed in Gerrit).

Currently we have:

FieldExample 1Example 2Example 3Example 4
common name (cn) && wiki accountDZahnHasharBrion VIBBERCscott
shell (uid)dzahnhasharbrioncscott

We would need a third field and end up in a situation where we can disambiguate the common name and wiki account:

FieldExample 1volunteercontractorExample 3Example 4
wiki accountDzahnHasharAmusso (WMF)Brion VIBBERCscott
shell (uid)dzahnhasharamussobrioncscott
common name (cn)Daniel ZahnAntoine MussoAntoine MussoBrion VibberC. Scott Ananian

Event Timeline

Dzahn raised the priority of this task from to Needs Triage.
Dzahn updated the task description. (Show Details)
Dzahn added a project: acl*sre-team.
Dzahn added a subscriber: Dzahn.
Dzahn triaged this task as Low priority.Sep 25 2015, 7:55 PM

TL;DR: have your wikitech account renamed to "Daniel Zahn" to update your LDAP cn which is used as the displayed name in Gerrit.

Moved the long explanation to the task details so others can easily amend / edit as needed

May I say RFC 4519 (http://tools.ietf.org/html/rfc4519) does not have a field for shellAccount or wikiAccount ? But then IANALdap guy.

But only if i can also change the entire history, [...]

If by 'history', you mean the Author and Committer fields in git, then you're basically out of luck.
Git (not Gerrit) is using those when computing checksums/commit hashes.
So changing Author/Committer would mean having to rewrite history for the repos and for each commit that you touched, all descending commits would get new commit hashes.
That would be very disruptive on many fronts:

  • Tags would need to be updated.
  • Branches would need to be updated.
  • Commit hashes mentioned in documentation would need to get updated.
  • [...]

For past commits, we can add a .mailmap file at the root of the repository. That let you alias an old name/alias with a new pair.

Example: https://github.com/git/git/blob/master/.mailmap

hashar renamed this task from Rename "Dzahn" to "Daniel Zahn" in Gerrit to Change LDAP cn to something more useful (was Rename "Dzahn" to "Daniel Zahn" in Gerrit).Jul 25 2016, 8:15 PM
hashar updated the task description. (Show Details)
hashar set Security to None.
hashar added a subscriber: cscott.

Keep in mind, your user name in commits is set based off of your local git's user.name setting and has no impact on Gerrit. The only place it needs to match is your e-mail so it knows who you are ;-) And as qchris said, this is not mutable.

Updating the display name works fine.

I'm not sure this should be broadened into a general "clean this all up" bug.

We may be able to do something about this trivially after completing T161859: Make Wikitech an SUL wiki.

As @hashar points out in the summary, today we use the cn attribute of each LDAP objectClass: person record for multiple things. In addition to being the display name for a Gerrit account it is also the name of the MediaWiki local user account used on wikitech.wikimedia.org. To complete the SUL migration for wikitech we will likely do something like the solution proposed in T148048: Store Wikimedia unified account name (SUL) in LDAP directory to maintain an association between the objectClass: posixAccount attributes stored in the same LDAP record and a SUL account. The posixAccount schema only uses the cn attribute as default GECOS data for each account, so changes to it do not have a material effect on the use of the record for NIS lookups which will be the primary use-case for LDAP data in the Cloud Services environment.