Page MenuHomePhabricator
Create Task
Maniphest T170774

Cannot create account on Wikitech wiki
Closed, ResolvedPublic
Actions

Description

I attempted to create an account on Wikitech wiki today. It failed on each of 5 attempts, each time giving the error "The authentication plugin denied the account creation." I ensured that my shell username was valid (all lowercase). On each try I had to retype my password so if that were the issue I would have got it right on one of the tries. Moreover no accounts have been created on the wiki since 13 July.

Related Objects

Event Timeline

BethNaught created this task.Jul 16 2017, 7:59 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 16 2017, 7:59 PM
Paladox added a project: wikitech.wikimedia.org.Jul 16 2017, 8:06 PM
Paladox subscribed.
Framawiki subscribed.Jul 16 2017, 10:17 PM
Framawiki added a comment.Jul 16 2017, 10:33 PM

I suppose that it's a problem from the security that was added for T168142: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse.
@Aklapper I can't find the related patch, the one that block account creation on wikitech for WP zero users. I dreamed ?

Framawiki triaged this task as High priority.Jul 16 2017, 10:37 PM

I've the same error The authentication plugin denied the account creation. if I try to create a new account. I'm not in a WP zero IP range.
So the registration on Wikitech is broken.

bd808 added a project: MediaWiki-Core-AuthManager.Jul 16 2017, 10:51 PM
bd808 subscribed.

Nothing is logged at normal logging levels when the account creation is denied. I can create new accounts from mediawiki.org so this seems to be isolated to wikitech.

bd808 claimed this task.Jul 16 2017, 11:06 PM
bd808 edited projects, added LDAP; removed MediaWiki-Core-AuthManager.

Account creation works on https://labtestwikitech.wikimedia.org/ which is running the same MediaWiki version, so this almost has to be config related.

While testing for account creation via https://toolsadmin.wikimedia.org/ I think I spotted the problem:

2017-07-16T22:58:06Z [4f11bef8c819458c96134434cc142874] striker.labsauth.utils WARNING: Id range limit exceded for uid_number. Soft limit 49999; next 53438
2017-07-16T22:58:07Z [4f11bef8c819458c96134434cc142874] striker.labsauth.utils WARNING: Id range limit exceded for uid_number. Soft limit 49999; next 53438

We have an LDAP id that is throwing things off. Actually there are two that are above the expected limits: 53436 and 53437. These are both in the range that we we use for tool accounts in Toolforge rather than the range that we use for normal shell users. I caused this problem when working on T158968: 'prometheus' service user vs. actual human account 'prometheus'. The fix needed is to put these uidNumbers back into the proper range and possibly to clear memcached counter values on wikitech.

Restricted Application added a project: User-bd808. · View Herald TranscriptJul 16 2017, 11:06 PM
bd808 edited projects, added cloud-services-team (Kanban); removed cloud-services-team.Jul 16 2017, 11:12 PM
bd808 moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.
Niedzielski mentioned this in T170783: 500 error when trying to create an LDAP account with meta unified account (/register/done).Jul 17 2017, 3:21 AM
bd808 merged a task: T170783: 500 error when trying to create an LDAP account with meta unified account (/register/done).Jul 17 2017, 3:33 AM
bd808 added a subscriber: Niedzielski.
bd808 added a comment.Jul 17 2017, 3:29 PM

Fixed the numeric uid values that were placed in the wrong range:

T170774-fix-uid.ldif
dn: uid=jberkley,ou=people,dc=wikimedia,dc=org
changetype: modify
replace: uidNumber
uidNumber: 17517

dn: uid=stjn,ou=people,dc=wikimedia,dc=org
changetype: modify
replace: uidNumber
uidNumber: 17518
bd808 closed this task as Resolved.Jul 17 2017, 3:33 PM

Verified fix by creating:

Niedzielski added a comment.Jul 17 2017, 5:42 PM

Yay! Thanks @bd808!

BethNaught added a comment.Jul 17 2017, 6:19 PM

Indeed, thank you!

bd808 moved this task from Soon! to Done on the cloud-services-team (Kanban) board.Jul 28 2017, 11:23 PM
bd808 moved this task from To Do to Done on the User-bd808 board.Jul 15 2020, 9:17 PM
Slst2020 mentioned this in T323271: Sharleen to set up Toolhub dev environment.Nov 21 2022, 8:48 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits