Gerrit - cannot find user by email when using set-reviewers - ssh

I've been trying to add users as reviewers to changes. I've stumbled upon a strange issue. If I identify users by their username, everything goes smoothly. If I identify them by email, Gerrit complains.
What works:
ssh -p 29418 user@review.example.com gerrit set-reviewers --add username changeid
What doesn't work:
ssh -p 29418 user@review.example.com gerrit set-reviewers --add username@example.com changeid
The user has username as their user name and username@example.com as their email address.
What Gerrit responds with is:
error: could not add username@example.com: username@example.com does not identify a registered user or group

Resolved it myself, peeking in the source code helped.
The SSH command set-reviewers is handled by a class named PostReviewers. This delegates to AccountsCollection to parse the reviewer and turn it into an account id. This is where the problem is - I have two users identified by the same email address, so AccountsCollection#_parse(String) returns nothing.
Why two accounts with the same email? I've got multiple instances of Gerrit I work with, I log in via OpenID, and on one environment I need to see my changes from the "parent" environment. That's where a small hack in the database was applied and everything worked. Until now :)


What happens when I run "ssh git@gitlab.com"

I have tried googling it and checked the GitLab documentation but did not find a good answer for this.
When I set up GitLab, I am advised to test my SSH keys against my GitLab URL instance.
I use git@gitlab.com.
What actually happens when I run "ssh git@gitlab.com"?
I understand how you use SSH to log in to a remote device, e.g. a Cisco router with SSH Admin. But in this case: who is git@gitlab.com? [username]@gitlab.com makes more sense to me.
Somehow it must find my GitLab account (since that is where my public key is stored). How can I do that when I use a generic git@gitlab.com?
I am after a more step-by-step answer (Client-Server).
[username]@gitlab.com makes more sense to me
It would not: that would ask to open an SSH session as 'username': that account does not exist. Only one account exists: 'git'.
Then, in ~/.ssh/authorized_keys, your public key is found, alongside:
an ID (as shown here), matching your registered GitLab account,
a forced command, which will call a GitLab script in order to execute the Git command.
That way:
there is no interactive session possible on GitLab's server
the project gitlab-shell gets your ID and handles your Git query
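The lookup this answer describes, modelled as an added example (not GitLab's code and not part of the original answer): sshd matches the presented key to a line in the 'git' account's authorized_keys, runs that line's forced command with the key ID, and passes the client's request in SSH_ORIGINAL_COMMAND. The install path, key IDs and key blobs are constructed.

```python
import re
import shlex

# Constructed sample in the style of the file gitlab-shell manages for the
# 'git' account; the install path, key IDs and key blobs are made up.
RESTRICT = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
AUTHORIZED_KEYS = f'''\
# constructed sample
command="/opt/gitlab-shell/bin/gitlab-shell key-17",{RESTRICT} ssh-ed25519 AAAAexampleAliceBlob alice@laptop
command="/opt/gitlab-shell/bin/gitlab-shell key-42",{RESTRICT} ssh-ed25519 AAAAexampleBobBlob bob@desktop
'''

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|(?=\s))')


def parse_line(line):
    """Split one authorized_keys line into (options, key_type, key_blob)."""
    options, pos = {}, 0
    # Options come first and are comma-separated; stop at the key type.
    while not line.startswith(KEY_TYPES, pos) and (m := OPTION.match(line, pos)):
        options[m.group(1)] = m.group(2) if m.group(2) is not None else True
        pos = m.end()
    key_type, key_blob = line[pos:].split()[:2]
    return options, key_type, key_blob


def session_for(authorized_keys, presented_blob, client_command):
    """Model what sshd sets up once the 'git' login proves ownership of a key."""
    for line in authorized_keys.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        options, _key_type, blob = parse_line(line.strip())
        if blob != presented_blob:
            continue
        forced = shlex.split(options["command"]) if "command" in options else None
        return {
            "argv": forced,                            # runs instead of client_command
            "key_id": forced[-1] if forced else None,  # maps the key to an account
            "pty_allowed": "no-pty" not in options,
            "env": {"SSH_ORIGINAL_COMMAND": client_command},
        }
    return None  # key not listed: authentication as 'git' fails


if __name__ == "__main__":
    print(session_for(AUTHORIZED_KEYS, "AAAAexampleBobBlob",
                      "git-upload-pack 'group/project.git'"))
```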
To find it, go to the repository, click Clone, select SSH, and copy from the start up to the ":".
Now test.

ldapsearch for users works for one user but not the other even though ADSI Edit shows all attributes are there and correct

I am attempting to use ldapsearch to troubleshoot why I am having some odd issues with users.
I can run the following query and find a user that is in AD:
ldapsearch -h <my_host> -p 389 -x -b "cn=users,dc=domain,dc=name" -s sub "name=test 01"
This returns with information for the user as I would expect. If I run the same command but switch test01 to test02, I get "result:32 No such object".
I have gone into AD and I see that the user is in the same structure/folder as the other user. They have the same exact permissions. I opened both users side by side in ADSI Edit and I see the "name" attribute is correct. I disabled and re-enabled the user. I even combed line by line in ADSI Edit between a working user and the one that is not working and they appear identical. I have tried to search on other attributes such as sAMAccountName and it still fails for this individual user. I have ensured I am using the admin account with ADSI and there is no difference in the structure of where the user lives.
This user was working correctly until fairly recently. The only thing I have been able to find is by using ldapsearch and it failing to find the object (as everything I have searched in AD looked correct). If I run an entire search (without the -s option), I see that it finds:
# test 02, Users, domain.name
dn: CN=test 02, CN=Users,DC=domain,DC=name
but nothing else for the user attributes. The other users I see have objectclasses that return and all of the other attributes that I see in ADSI Edit underneath their entry. I have seen this happen with a couple accounts over the past few months and the only workaround I have is to simply create a new account for the user...Obviously a bad workaround.
Am I missing something obvious or what could be happening?
On the security tab of the accounts that do not return data, see if there are any "DENY" access control entries. Deny takes precedence, so a one-off deny can prevent information from being displayed where there is an allow entry at a higher level.
Check if inheritance is enabled. There are cases where this is programmatically disabled -- domain admins -- and you need to modify the permission set on AdminSDHolder to enact permission changes on the managed objects. If inheritance is disabled but the accounts are not admins where AdminSDHolder applies, add the anonymous read permission to the object (your post indicates that you want anonymous read to user objects). Or risk enabling inheritance.
If all else fails, use "Advanced" on the "Security" tab and select the "Effective Access" tab. Click to select a user and enter "Anonymous". Accept. Then click "View effective access". Compare anonymous' effective access to both a working and non-working account.
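A way to spot the symptom in bulk, as an added example that is not part of the original answer: parse ldapsearch output and list entries that came back as a bare DN, which is what the question shows for "test 02" when the bind identity is denied read access to the attributes. The sample output is constructed and assumes the search requested all attributes.

```python
# Constructed ldapsearch output reproducing the symptom in the question:
# one entry comes back complete, the other as a bare DN.
SAMPLE = """\
# test 01, Users, domain.name
dn: CN=test 01,CN=Users,DC=domain,DC=name
objectClass: top
objectClass: person
objectClass: user
cn: test 01
sAMAccountName: test01

# test 02, Users, domain.name
dn: CN=test 02,CN=Users,DC=domain,DC=name

# search result
search: 2
result: 0 Success
"""


def parse_ldif(text):
    """Return [(dn, {attr: [values]})] for every entry in ldapsearch output."""
    blocks, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith("#"):
            continue                      # comment line
        if raw.startswith(" ") and current:
            current[-1] += raw[1:]        # folded continuation of previous line
        elif raw.strip():
            current.append(raw)
        elif current:                     # blank line ends the entry
            blocks.append(current)
            current = []
    entries = []
    for lines in blocks:
        attrs = {}
        for line in lines:
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.lstrip(": "))
        dn = attrs.pop("dn", [None])[0]
        if dn:                            # skips the trailing search/result block
            entries.append((dn, attrs))
    return entries


def bare_entries(text):
    """DNs visible to the bind identity whose attributes were all withheld."""
    return [dn for dn, attrs in parse_ldif(text) if not attrs]
```

Running the same search once anonymously and once with an authenticated bind, then comparing the two `bare_entries` results, narrows the problem to the ACL on those objects.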
Your filter for your search should be:
ldapsearch -h <my_host> -p 389 -x -b "cn=users,dc=domain,dc=name" -s sub "CN=test 01"
or
ldapsearch -h <my_host> -p 389 -x -b "cn=users,dc=domain,dc=name" -s sub "sAMAccountName=test 01"
I recently had an issue like this where a user stopped appearing on a web app which syncs users from AD.
After spending a couple of days on what was wrong with the user and comparing it to the working ones, my fix was just:
"Remove this user from the domainusers group, disable it, then enable it and add it back to the domainusers group."
After performing the above action, the user started syncing again like before.

How to get the password of a user in rabbitmq?

How to get the password of an existing user in Rabbitmq from CLI?
I got the name of the user by CLI command "sudo rabbitmqctl list_users" and the output is as follows:
Listing users ...
guest [administrator]
openstack []
I want to know the 'openstack' user password.
The user passwords are stored using a one-way hash so there is no way to retrieve their value. You should use the rabbitmqctl change_password command to change that user's password to a known value.
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
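What "one-way hash" means for the stored value, as an added example that is not part of the original answer and not RabbitMQ's own code. It assumes the default rabbit_password_hashing_sha256 scheme (a 32-bit random salt, then SHA-256 over salt plus password, base64-encoded); the user entry and its password are constructed.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 4  # the default scheme prefixes a 32-bit random salt


def rabbit_hash(password, salt=None):
    """Stored form: base64(salt + SHA-256(salt + UTF-8 password))."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(salt + digest).decode("ascii")


def rabbit_verify(stored, candidate):
    """True if candidate hashes to the stored value.

    The stored value holds only the salt and the digest, so a known password
    can be confirmed against it but the password cannot be read back out.
    """
    raw = base64.b64decode(stored)
    salt, digest = raw[:SALT_LEN], raw[SALT_LEN:]
    expected = hashlib.sha256(salt + candidate.encode("utf-8")).digest()
    return hmac.compare_digest(expected, digest)


# Constructed user entry shaped like one in an exported definitions file;
# the password is a made-up placeholder.
USER = {
    "name": "openstack",
    "password_hash": rabbit_hash("constructed-example-password"),
    "hashing_algorithm": "rabbit_password_hashing_sha256",
    "tags": [],
}

if __name__ == "__main__":
    print(USER["password_hash"])
    print(rabbit_verify(USER["password_hash"], "constructed-example-password"))
```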
If you used a deployment solution you might find the password in its configuration. For example, when you deploy OpenStack using kolla-ansible you find the password in /etc/kolla/passwords.yml.
user@deployhost:~$ grep -E ^rabbitmq_password: /etc/kolla/passwords.yml
rabbitmq_password: haH2ZPjVVKmiqoXdRPCYJcdQyzP2cqeU
It might be stored in some secure way, for example a vault if Ansible is used for deployment; in this case you need to check the deployment framework on how to retrieve it.

Creating user in gerrit through ssh

I am running Gerrit on Docker successfully until now. The next step I want to achieve is as follows:
I have a service running and if the service passes I want to review the code as +1, and 0 if it fails. But to review code I need a user; for this I need to create a user account once the Gerrit instance is launched, then add this user to the reviewer list for that project, then make this user review the code based on whether the service passes or not.
I am able to review the code using the below command:
ssh -p 29418 host_ip gerrit review --code-review +2 commit_id
But I'm not able to create a user and add the user to the list of reviewers for that project. I am not getting any errors but am not able to find out whether the command worked or not as I'm not able to find any new users added. I used the below command:
cat ~/.ssh/id_watcher.pub | ssh -p 29418 host_ip gerrit create-account --ssh-key - watcher
My gerrit instance is LDAP configured. Am I going in the right direction? What am I doing wrong?

pwdAccountLockedTime on Openldap2.4

I configured OpenLDAP 2.4 on RHEL 6.5.
I applied the default password policy on my LDAP tree.
But the account lock is effectively applied only when I do su - username with a wrong password.
But when I tried to check by logging in with a PuTTY session or direct ssh, it is not applied.
Can anyone please help me with the above issue?
When I tried using sudo su - testuser2.4:
pwdFailureTime: 20150427095439Z
pwdFailureTime: 20150427095445Z
pwdFailureTime: 20150427095451Z
pwdAccountLockedTime: 20150427095451Z
But when I tried direct ssh or a PuTTY session with 3 failures, the policy is still not applied.
You have to avoid using the managerDN user. That's for use by OpenLDAP itself, and it bypasses all overlays, specifically this one. The overlay will work if you're logging in as a user within the DIT.