Page MenuHomePhabricator
Create Task
Maniphest T335510

WikitechPhabBan seems broken due to a bad JSON query in user.ldapquery
Closed, InvalidPublicBUG REPORT
Actions

Description

Plently of Phab user.ldapquery error '{"result":null,"error_code":"ERR-INVALID-PARAMETER","error_info":"Unknown or missing ldap names: **REDACTED**"}' in Logstash. See e.g. this entry.

Taking a look at https://phabricator.wikimedia.org/conduit/method/user.ldapquery/ Phabricator Conduit expects double quotes, which we are not using, thus it errors. [ username ] is not valid, it needs ["username"].

I guess we either wrap $username with double quotes (["$username"]) or use [ json_encode($username) ]. I think the later is best.

See also T306297: Wikitech->Gerrit account block and unblock has stopped working.

Details

SubjectRepoBranchLines +/-
Unbreak WikitechPhabBan mechanismoperations/mediawiki-configmaster+1 -1
Customize query in gerrit

Related Objects

Event Timeline

MarcoAurelio created this task.Apr 27 2023, 2:10 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 27 2023, 2:10 PM
gerritbot added a comment.Apr 27 2023, 2:10 PM

Change 911803 had a related patch set uploaded (by MarcoAurelio; author: MarcoAurelio):

[operations/mediawiki-config@master] Unbreak WikitechPhabBan mechanism

https://gerrit.wikimedia.org/r/911803

gerritbot added a project: Patch-For-Review.Apr 27 2023, 2:10 PM
MarcoAurelio updated the task description. (Show Details)Apr 27 2023, 2:19 PM
MarcoAurelio added a comment.Apr 27 2023, 2:53 PM

Hmm. If the Wikitech account is not linked to any Phabricator account it displays the same error message apparently. Does anyone have test Wikitech and Phabricator accounts that could be used for checking?

bd808 subscribed.Apr 27 2023, 3:00 PM

That error message is completely legitimate. It generally means "this Developer account has not been associated with a Phabricator account." Do you have examples where this is verifiably not the case?

The T306297: Wikitech->Gerrit account block and unblock has stopped working bug is a completely different issue with Gerrit's user lookup and the input we send to it.

MarcoAurelio closed this task as Invalid.Apr 27 2023, 5:10 PM
In T335510#8810897, @bd808 wrote:

That error message is completely legitimate. It generally means "this Developer account has not been associated with a Phabricator account." Do you have examples where this is verifiably not the case?

The T306297: Wikitech->Gerrit account block and unblock has stopped working bug is a completely different issue with Gerrit's user lookup and the input we send to it.

I think I made a mistake here, sorry. The logstash entry that prompted this task, linked above, refers to an account that exists both on Wikitech and Phabricator, but the Phabricator account is not linked to the Wikitech one (on the Phab user profile I mistakenly read LDAP User where it says MediaWiki user), so I guess it's right it reports an error.

gerritbot added a comment.Apr 27 2023, 5:10 PM

Change 911803 abandoned by MarcoAurelio:

[operations/mediawiki-config@master] Unbreak WikitechPhabBan mechanism

Reason:

Per Task.

https://gerrit.wikimedia.org/r/911803

bd808 added a comment.Apr 27 2023, 5:21 PM
In T335510#8811361, @MarcoAurelio wrote:

I think I made a mistake here, sorry. The logstash entry that prompted this task, linked above, refers to an account that exists both on Wikitech and Phabricator, but the Phabricator account is not linked to the Wikitech one (on the Phab user profile I mistakenly read LDAP User where it says MediaWiki user), so I guess it's right it reports an error.

Completely understandable confusion. In hindsight the message I wrote for the failure case on the Phabricator API side could be better as well. Something like "No accounts found linked to LDAP user(s): $USERNAME" I think would be more ideal.

Maintenance_bot removed a project: Patch-For-Review.Apr 27 2023, 5:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits