Page MenuHomePhabricator

Unable to log in to Toolforge admin - LDAP account doesn't exist/needs password reset?
Closed, ResolvedPublic

Description

Hi,

I created a Toolforge account (Firefly), linking it with my Wikimedia account (User:Richard0612 - soon to be renamed to match). I submitted a membership request, which was approved: https://toolsadmin.wikimedia.org/tools/membership/status/303

However, now I cannot log in to my account through the login page (https://toolsadmin.wikimedia.org/auth/login). The password stored in my browser's password manager doesn't work. I asked on IRC, and was told to reset it on Wikitech (here: https://wikitech.wikimedia.org/wiki/Special:PasswordReset). That didn't work, as no such account exists, and I was recommended to open a Phabricator task to ask whether the 'Firefly' account could be (re)created, or the password reset for me if it does in fact exist.

Thanks!
Richard

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 13 2018, 3:03 PM

Wikitech says: User account "Firefly" is not registered, and I don't see any rename logs there. User Richard0612 is not registered on Wikitech either. This is weird.

MarcoAurelio added a comment.EditedMay 13 2018, 5:34 PM

Running ldapsearch for uid=firefly has results so the account exists on the bastion, but not on Wikitech? (cn/sn=Firefly, uid=firefly).

Should the Wikitech account have been created automatically? The instructions don't specify creating one manually...

@Richard0612 It should be one in the same with the Ldap account (that does exist, as pointed out). Some bug is going on here.

Your user is also visible in the toolsadmin interface, which means I should be able to create a tool and add you to it if you want.

Should the Wikitech account have been created automatically? The instructions don't specify creating one manually...

Did you create the account via https://toolsadmin.wikimedia.org/register/?

I am thinking that Wikitech account creation is actually accomplished on the first time a user connects to it with a valid ldap account. It makes sense that if @Richard0612 would have created the account and added the ssh key via Toolsadmin and never connected to Wikitech the current state would happen validly. A valid ldap account and no Wikitech account.

From that point, I guess this task could be used for someone to manually reset the password for the Firefly ldap account and send the password to @Richard0612. (who should promptly log in to Wikitech to prevent a recurrence)

Maybe we should also look into forcing a Wikitech account creation in Striker.

@Peachey88 Yep, that's the method I used to create the account.

@Chicocvenancio That makes sense,,, if someone could reset & email me the password I can connect the account to Wikitech. Glad I might have helped find an edge case in the registration process at least, and not just screwed up somewhere!

bd808 added a subscriber: bd808.May 14 2018, 1:45 AM

This is basically another case of T174469: LDAP account that is not attached on wikitech has no means for password reset. I have not been able to find an easy way to automatically attach the LDAP accounts that are created from toolsadmin on wikitech.

bd808 added a comment.May 14 2018, 1:52 AM

I attached the 'Firefly' account on wikitech using the extensions/OpenStackManager/maintenance/attachLdapUser.php script -- https://wikitech.wikimedia.org/w/index.php?title=Special%3ALog&type=newusers&user=&page=Firefly&year=&month=-1&tagfilter=&hide_thanks_log=1&hide_patrol_log=1&hide_tag_log=1

@Richard0612, you should now be able to use https://wikitech.wikimedia.org/wiki/Special:PasswordReset to set a new password for the account.

bd808 closed this task as Resolved.May 14 2018, 1:52 AM
bd808 claimed this task.
bd808 edited projects, added cloud-services-team (Kanban); removed cloud-services-team.
Vvjjkkii renamed this task from Unable to log in to Toolforge admin - LDAP account doesn't exist/needs password reset? to s1caaaaaaa.Jul 1 2018, 1:10 AM
Vvjjkkii reopened this task as Open.
Vvjjkkii removed bd808 as the assignee of this task.
Vvjjkkii triaged this task as High priority.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed subscribers: MarcoAurelio, Aklapper.
CommunityTechBot renamed this task from s1caaaaaaa to Unable to log in to Toolforge admin - LDAP account doesn't exist/needs password reset?.Jul 2 2018, 4:14 PM
CommunityTechBot closed this task as Resolved.
CommunityTechBot assigned this task to bd808.
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot updated the task description. (Show Details)