Page MenuHomePhabricator
Create Task
Maniphest T138102

Some Tools users do not show up in create-dbusers query
Closed, ResolvedPublic
Actions

Description

(Probably inter alia) the user fdamken/Fabian24d97 is a member of the Toolforge project, but does not show up in the query by create-dbusers (cf. T138037). The LDAP query returns 1062 users, getent group project-tools | tr -cd , | wc -c 1160 (+ 1). Maybe this is related to LDAP paging (T122595).

Details

SubjectRepoBranchLines +/-
labstore: Fix LDAP query for project membersoperations/puppetproduction+2 -2
labstore: Fix LDAP query for project membersoperations/puppetproduction+2 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

scfc created this task.Jun 17 2016, 7:07 PM
Restricted Application added a project: Cloud-Services. · View Herald TranscriptJun 17 2016, 7:07 PM
scfc added a comment.Jun 18 2016, 2:32 AM

Most likely, this is not related to LDAP paging because (AFAIUI) that only affects the number of "entries" returned. In this case, there is always only one entry (project-tools), and it is the number of returned attributes that is the problem.

The missing users are all at the end of ldaplist -l group project-tools, so I assume that this is a problem in python3-ldap3 vs. python-ldap that is used by ldaplist.

scfc added a comment.Jun 18 2016, 3:31 AM

A naive:

#!/usr/bin/python2

import ldap

ds = ldap.initialize('ldap://ldap-labs.eqiad.wikimedia.org:389')
ds.binddn = 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
ds.bindpw = '$passwd'
ds.protocol_version = ldap.VERSION3
ds.start_tls_s()
ds.simple_bind_s(ds.binddn, ds.bindpw)
PosixData = ds.search_s('ou=projects,dc=wikimedia,dc=org', ldap.SCOPE_SUBTREE,
                        '(cn=tools)',
                        ['member'])

also only returns 1063 attributes. So ldapsupportlib seems to do some magic.

scfc claimed this task.Jun 18 2016, 10:22 PM

The problem stems from the OpenStack migration: Previously, cn=tools,ou=projects,dc=wikimedia,dc=org had the authoritative information about members of a project in addition to cn=project-tools,ou=groups,dc=wikimedia,dc=org. Now, only the latter is updated and the former entry is stale (AFAIUI).

gerritbot subscribed.Jun 18 2016, 10:48 PM

Change 295099 had a related patch set uploaded (by Tim Landscheidt):
labstore: Fix LDAP query for project members

https://gerrit.wikimedia.org/r/295099

gerritbot added a project: Patch-For-Review.Jun 18 2016, 10:48 PM
scfc mentioned this in rOPUP4aab1e419f7a: labstore: Fix LDAP query for project members.Jun 18 2016, 10:54 PM
scfc mentioned this in T138150: Purge stale data from LDAP.Jun 18 2016, 10:58 PM
scfc moved this task from Backlog to Waiting for code review on the Toolforge board.Jun 18 2016, 11:14 PM
gerritbot added a comment.Jun 20 2016, 1:49 PM

Change 295099 merged by Andrew Bogott:
labstore: Fix LDAP query for project members

https://gerrit.wikimedia.org/r/295099

Andrew mentioned this in rOPUP4ba53ce707dd: labstore: Fix LDAP query for project members.Jun 20 2016, 1:53 PM
gerritbot added a comment.Jun 20 2016, 1:58 PM

Change 295225 had a related patch set uploaded (by Andrew Bogott):
labstore: Fix LDAP query for project members

https://gerrit.wikimedia.org/r/295225

Andrew mentioned this in rOPUPa01dca3bd2b2: labstore: Fix LDAP query for project members.Jun 20 2016, 2:02 PM
gerritbot added a comment.Jun 20 2016, 2:19 PM

Change 295225 merged by Andrew Bogott:
labstore: Fix LDAP query for project members

https://gerrit.wikimedia.org/r/295225

scfc closed this task as Resolved.Jun 20 2016, 9:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits