Page MenuHomePhabricator
Create Task
Maniphest T215092

Rename developer account 'DannyS712 bot' to 'DannyS712'
Closed, ResolvedPublic
Actions

Description

Hi. So I while ago I created a toolforge account for my (then-future) bot, User:DannyS712 bot, with the Unix Shell username "Dannys712", the wikimedia account "DannyS712", and the phabricator account "DannyS712". I then forgot all about this, until I recently went to make a toolforge account for myself (User:DannyS712), and found that I could not connect it to my actual wikimedia or phabricator accounts since those were already in use. How do I change these?

Goal:
DannyS712 bot:
Unix Shell: DannyS712 bot
Wikimedia: DannyS712 bot
phabricator account: none

DannyS712:
Unix Shell: DannyS712
Wikimedia: DannyS712
phabricator: DannyS712

Related Objects

Event Timeline

DannyS712 created this task.Feb 2 2019, 5:59 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 2 2019, 5:59 AM
Peachey88 added a project: LDAP.Feb 3 2019, 8:21 AM
bd808 claimed this task.Feb 8 2019, 7:06 AM
bd808 added a project: cloud-services-team (Kanban).
bd808 subscribed.
$ ldap 'cn=DannyS712 bot' \*
dn: uid=dannys712,ou=people,dc=wikimedia,dc=org
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
cn: DannyS712 bot
gidNumber: 500
homeDirectory: /home/dannys712
loginShell: /bin/bash
sn: DannyS712 bot
uidNumber: 20511
uid: dannys712
mail: redacted@redacted.redacted

The existing Developer account is not a member of any Cloud VPS projects which makes changing it a bit easier. It sounds like what should be done here is a change of the cn and sn for uid=dannys712 to DannyS712.

bd808 renamed this task from Change toolforge account settings to Rename developer account 'DannyS712 bot' to 'DannyS712'.Feb 8 2019, 7:06 AM
DannyS712 added a comment.EditedFeb 8 2019, 7:17 PM
In T215092#4937315, @bd808 wrote:
$ ldap 'cn=DannyS712 bot' \*
dn: uid=dannys712,ou=people,dc=wikimedia,dc=org
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
cn: DannyS712 bot
gidNumber: 500
homeDirectory: /home/dannys712
loginShell: /bin/bash
sn: DannyS712 bot
uidNumber: 20511
uid: dannys712
mail: redacted@redacted.redacted

The existing Developer account is not a member of any Cloud VPS projects which makes changing it a bit easier. It sounds like what should be done here is a change of the cn and sn for uid=dannys712 to DannyS712.

@bd808 I already have another "DannyS712" account that I made separately (I'm dumb). That account just got accepted as a toolforge developer. Does that change anything?

bd808 added a comment.Feb 8 2019, 7:47 PM
In T215092#4939172, @DannyS712 wrote:

@bd808 I already have another "DannyS712" account that I made separately (I'm dumb). That account just got accepted as a toolforge developer. Does that change anything?

$ ldap 'cn=DannyS712' \* \+
dn: uid=dannys712-main,ou=people,dc=wikimedia,dc=org
uid: dannys712-main
sn: DannyS712
cn: DannyS712
objectClass: inetOrgPerson
objectClass: person
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 20851
gidNumber: 500
homeDirectory: /home/dannys712-main
loginShell: /bin/bash
structuralObjectClass: inetOrgPerson
entryUUID: b375f7a0-afd3-1038-91b3-07d28d224254
creatorsName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
createTimestamp: 20190119011715Z
memberOf: cn=project-tools,ou=groups,dc=wikimedia,dc=org
mail: redacted@redacted.redacted
entryCSN: 20190207232658.161884Z#000000#001#000000
modifiersName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
modifyTimestamp: 20190207232658Z
entryDN: uid=dannys712-main,ou=people,dc=wikimedia,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

Yes, this does make things a bit harder to clean up. It looks like you have not actually logged into a Toolforge bastion using the dannys712-main account yet, so the administrative fix I would propose is:

  • Revoke dannys712-main's Toolforge membership
  • Block DannyS712 on Wikitech
  • Rename DannyS712 on Wikitech to something else to free up the username
  • Rename "DannyS712 bot" to "DannyS712"

Then you can reapply for Toolforge access under the newly renamed DannyS712 account and create your bot's account as a tool rather than a user. There is really no reason to create a developer account for the bot itself. It should be a tool account within Toolforge that uses the bot's Wikimedia account when editing wikis.

DannyS712 added a comment.Feb 8 2019, 10:21 PM
In T215092#4939253, @bd808 wrote:
In T215092#4939172, @DannyS712 wrote:

@bd808 I already have another "DannyS712" account that I made separately (I'm dumb). That account just got accepted as a toolforge developer. Does that change anything?

$ ldap 'cn=DannyS712' \* \+
dn: uid=dannys712-main,ou=people,dc=wikimedia,dc=org
uid: dannys712-main
sn: DannyS712
cn: DannyS712
objectClass: inetOrgPerson
objectClass: person
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 20851
gidNumber: 500
homeDirectory: /home/dannys712-main
loginShell: /bin/bash
structuralObjectClass: inetOrgPerson
entryUUID: b375f7a0-afd3-1038-91b3-07d28d224254
creatorsName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
createTimestamp: 20190119011715Z
memberOf: cn=project-tools,ou=groups,dc=wikimedia,dc=org
mail: redacted@redacted.redacted
entryCSN: 20190207232658.161884Z#000000#001#000000
modifiersName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
modifyTimestamp: 20190207232658Z
entryDN: uid=dannys712-main,ou=people,dc=wikimedia,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

Yes, this does make things a bit harder to clean up. It looks like you have not actually logged into a Toolforge bastion using the dannys712-main account yet, so the administrative fix I would propose is:

  • Revoke dannys712-main's Toolforge membership
  • Block DannyS712 on Wikitech
  • Rename DannyS712 on Wikitech to something else to free up the username
  • Rename "DannyS712 bot" to "DannyS712"

Then you can reapply for Toolforge access under the newly renamed DannyS712 account and create your bot's account as a tool rather than a user. There is really no reason to create a developer account for the bot itself. It should be a tool account within Toolforge that uses the bot's Wikimedia account when editing wikis.

@bd808 Sorry, I didn't know that at the time. Please scramble the DannyS712 account's name, and proceed as you describe above. I'll learn toolforge soon, I promise :). Sorry for the trouble.

DannyS712 added a comment.Feb 18 2019, 7:25 AM

@bd808 any updates?

Stashbot subscribed.Feb 19 2019, 1:49 AM

Mentioned in SAL (#wikimedia-cloud) [2019-02-19T01:49:26Z] <bd808> Revoked Toolforge project membership for user DannyS712 (T215092)

bd808 closed this task as Resolved.Feb 19 2019, 2:26 AM
  • Update LDAP to match wikitech renames
T215092-rename-DannyS712.ldif
dn: uid=dannys712-main,ou=people,dc=wikimedia,dc=org
changetype: modify
replace: cn
cn: DannyS712-abandoned

dn: uid=dannys712-main,ou=people,dc=wikimedia,dc=org
changetype: modify
replace: sn
sn: DannyS712-abandoned

dn: uid=dannys712,ou=people,dc=wikimedia,dc=org
changetype: modify
replace: cn
cn: DannyS712

dn: uid=dannys712,ou=people,dc=wikimedia,dc=org
changetype: modify
replace: sn
sn: DannyS712
$ ldapmodify -v -D 'uid=novaadmin,ou=people,dc=wikimedia,dc=org' -W -f T215092-rename-DannyS712.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
replace cn:
        DannyS712-abandoned
modifying entry "uid=dannys712-main,ou=people,dc=wikimedia,dc=org"
modify complete

replace sn:
        DannyS712-abandoned
modifying entry "uid=dannys712-main,ou=people,dc=wikimedia,dc=org"
modify complete

replace cn:
        DannyS712
modifying entry "uid=dannys712,ou=people,dc=wikimedia,dc=org"
modify complete

replace sn:
        DannyS712
modifying entry "uid=dannys712,ou=people,dc=wikimedia,dc=org"
modify complete
$ ldap uid=dannys712 \* \+
dn: uid=dannys712,ou=people,dc=wikimedia,dc=org
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 500
homeDirectory: /home/dannys712
loginShell: /bin/bash
uidNumber: 20511
structuralObjectClass: inetOrgPerson
uid: dannys712
entryUUID: cdc24234-7ed8-1038-9032-6b96f504b1f1
creatorsName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
createTimestamp: 20181117172020Z
pwdChangedTime: 20181205012516Z
mail: redacted@redacted.redacted
cn: DannyS712
sn: DannyS712
entryCSN: 20190219020121.959797Z#000000#001#000000
modifiersName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
modifyTimestamp: 20190219020121Z
entryDN: uid=dannys712,ou=people,dc=wikimedia,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
$ ldap uid=dannys712-main \* \+
dn: uid=dannys712-main,ou=people,dc=wikimedia,dc=org
uid: dannys712-main
objectClass: inetOrgPerson
objectClass: person
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 20851
gidNumber: 500
homeDirectory: /home/dannys712-main
loginShell: /bin/bash
structuralObjectClass: inetOrgPerson
entryUUID: b375f7a0-afd3-1038-91b3-07d28d224254
creatorsName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
createTimestamp: 20190119011715Z
mail: redacted@redacted.redacted
cn: DannyS712-abandoned
sn: DannyS712-abandoned
entryCSN: 20190219020121.911308Z#000000#001#000000
modifiersName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
modifyTimestamp: 20190219020121Z
entryDN: uid=dannys712-main,ou=people,dc=wikimedia,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
  • Update Striker's local database to match wikitech renames
$ ssh labweb1001.wikimedia.org
$ cd /srv/deployment/striker
$ sudo -u www-data venv/bin/python deploy/striker/manage.py shell
Python 3.5.3 (default, Jan 19 2017, 14:11:04)
[GCC 6.3.0 20170118] on linux
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> import striker.labsauth.models as models
>>> old = models.LabsUser.objects.get(ldapname='DannyS712')
>>> old.ldapname = 'DannyS712-redacted'
>>> old.save()
>>> u = models.LabsUser.objects.get(ldapname='DannyS712 bot')
>>> u.ldapname = 'DannyS712'
>>> u.save()
>>>

Current state should be:

  • The developer account formerly named 'DannyS712' is now named 'DannyS712-abandoned'
  • The developer account formerly named 'DannyS712 bot' is now named 'DannyS712'
  • Neither developer account is an Toolforge member
DannyS712 reopened this task as Open.Feb 19 2019, 5:25 AM

@bd808
Yeah, its not working. I tried to log in:
At wikitech.wikimedia.org, user:DannyS712 and password XXX works
At toolsadmin.wikimedia.org, user:DannyS712 doesn't work with any password I tried, including XXX
At toolsadmin.wikimedia.org, when I clicked “Login with your Wikimedia account”, I was told:

  1. Authenticated as OAuth user DannyS712
  2. Wikimedia account is already in use.

Please help. Maybe another password reset? I'm sorry to be such a hassle

bd808 added a comment.Feb 19 2019, 5:34 AM

Looks like my attempt to clean the data in toolsadmin (Striker) was not quite right:

2019-02-19T05:13:11Z [9f21cd67192e4fedaec7ea0ea5808f9f] django_auth_ldap WARNING: (1062, "Duplicate entry 'DannyS712' for key 'ldapname'") while authenticating DannyS712 bot

I decided to try deleting the existing cache of information there instead.

@DannyS712, please try to log into toolsadmin.wikimedia.org again using the same username and password that worked for you on Wikitech.

DannyS712 added a comment.Feb 20 2019, 12:38 AM

@bd808 It took a few tries, but it worked (with the username "dannyS712" (lowercase d, not a big deal); I have successfully connected my phab and wikitech accounts! Can you add me back as a Toolforge member?

bd808 added a comment.Feb 20 2019, 12:42 AM
In T215092#4967295, @DannyS712 wrote:

@bd808 It took a few tries, but it worked (with the username "dannyS712" (lowercase d, not a big deal);

Your shell account name is 'dannyS712' but the LDAP/Wikitech/Developer account username should be 'DannyS712'.

I have successfully connected my phab and wikitech accounts! Can you add me back as a Toolforge member?

Submit a new membership request via https://toolsadmin.wikimedia.org and I will approve it.

DannyS712 added a comment.Feb 20 2019, 2:22 AM

@bd808 That's what I meant, and {{done}}

bd808 closed this task as Resolved.Feb 20 2019, 9:00 PM

Approved! https://toolsadmin.wikimedia.org/tools/membership/status/483

DannyS712 moved this task from Unsorted to Resolved tasks (others) on the User-DannyS712 board.Mar 8 2019, 12:45 AM
hashar mentioned this in T261263: Rename gerrit account `dannys712-main` to `dannys712`.Aug 31 2020, 9:41 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL