You are browsing a read-only backup copy of Wikitech. The primary site can be found at wikitech.wikimedia.org

SRE/LDAP/Renaming users

From Wikitech-static
< SRE‎ | LDAP(Redirected from LDAP/Renaming users)
Jump to navigation Jump to search

It is possible, but not trivial, to rename a Wikitech/LDAP/Gerrit user account. The complication occurs mostly because multiple "primary" data stores all reference each other in interdependent ways.

Prerequisites

Open 3 tabs and stay logged in on Wikitech, Gerrit and Phabricator. On Phabricator, check the user profile page to make sure that the user to be renamed has enabled both Wikitech and MediaWiki auth methods so that they do not lose access to Phabricator entirely during the rename.

Rename the user in LDAP

  1. Find the user's current information
    • ldaplist -l passwd <shell-account-name>
  2. Ensure the new CN doesn't conflict with another user's CN
    • ldapsearch -xLLL -P 3 -E pr=40000/noprompt -b"dc=wikimedia,dc=org" 'cn=<new-cn>'
  3. Change the user's CN using ldapmodify
    • $ ldapmodify -v -D 'uid=novaadmin,ou=people,dc=wikimedia,dc=org' -W -
      Enter bind password:
      dn: uid=<shell-account-name>,ou=people,dc=wikimedia,dc=org
      changetype: modify 
      replace: cn 
      cn: <new-cn>
      - 
      replace: sn 
      sn: <new-cn>
      -
      

Rename the user in Wikitech

Have someone with super special permissions change your Wikitech username. Use Special:RenameUser. Login to Wikitech using your new username to make sure it works.

Icinga

Login to Icinga with your new creds. It should work for lowercase as well.

Gerrit

As of Gerrit 3.2, the user database is a git repository. See the LDAP/Renaming_users/Gerrit page for instructions.

Phabricator

  • Got to your profile and click on Manage->Edit Settings->External Accounts (direct link)
  • Unlink the Wikitech auth and relink it with your new wikitech username.
  • If you want a new phabricator username, you could create a new account (not tested)

Wikimedia Cloud Services (Horizon)

  • You should be able to login using your new username.
  • You should have access to all projects you were before.

Hope for the best.