https://bugzilla.wikimedia.org/show_bug.cgi?id=62993
Bug ID: 62993
Summary: Service groups/"Manage members" does not handle nested
service groups in the new LDAP scheme
Product: MediaWiki extensions
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: Unprioritized
Component: OpenStackManager
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected],
[email protected]
Blocks: 58997
Web browser: ---
Mobile Platform: ---
On Tools, the service group jarry-common has as its members the user jarry1250
and the service groups grep and wikicup
(https://wikitech.wikimedia.org/w/index.php?title=Special:NovaServiceGroup&action=managemembers&projectname=tools&servicegroupname=local-jarry-common&returnto=Special%3ANovaServiceGroup).
However, even after removing and adding members to force a rewrite, the
service group's LDAP records are:
| dn: cn=tools.jarry-common,ou=servicegroups,dc=wikimedia,dc=org
| objectClass: groupofnames
| objectClass: posixgroup
| objectClass: top
| member: uid=jarry1250,ou=people,dc=wikimedia,dc=org
| member:
uid=local-wikicup,ou=people,ou=servicegroups,dc=wikimedia,dc=org
^^^^^^
| member: uid=local-grep,ou=people,ou=servicegroups,dc=wikimedia,dc=org
^^^^^^
| gidNumber: 51365
| cn: tools.jarry-common
| dn: cn=local-jarry-common,ou=groups,cn=tools,ou=projects,dc=wikimedia,dc=org
| objectClass: groupofnames
| objectClass: posixgroup
| objectClass: top
| member: uid=jarry1250,ou=people,dc=wikimedia,dc=org
| member:
uid=local-wikicup,ou=people,cn=tools,ou=projects,dc=wikimedia,dc=org
| member:
uid=local-grep,ou=people,cn=tools,ou=projects,dc=wikimedia,dc=org
| gidNumber: 50775
| cn: local-jarry-common
In eqiad, "getent group" queries the former structure which thus yields:
| scfc@tools-login:~$ getent group tools.jarry-common
| tools.jarry-common:*:51365:local-wikicup,local-grep,jarry1250
| scfc@tools-login:~$ groups tools.grep
| tools.grep : tools.grep
| scfc@tools-login:~$
So tools.grep does not have access to tools.jarry-common's data.
Re fixing in general, the UI at the moment uses "local-", but in the shell
users are presented with "tools.", this is confusing, and so this might be a
good opportunity to switch the wiki UI to "tools.".
Re fixing in particular, the issue is not only "tools." vs. "local-", but the
rest of the DN also is different (new LDAP):
| member:
uid=local-wikicup,ou=people,ou=servicegroups,dc=wikimedia,dc=org
but:
| dn: cn=tools.wikicup,ou=servicegroups,dc=wikimedia,dc=org
("cn=" vs. "uid=", "ou=people" vs. none).
Affected service groups in Tools:
| scfc@tools-login:~$ getent group | fgrep local-
| tools.pb:*:51344:local-spbot,ireas,euku
| tools.jarry-common:*:51365:local-wikicup,local-grep,jarry1250
| tools.mp:*:51391:local-spbot,ireas,euku
| tools.tsreports:*:51518:valhallasw,local-tsreports-dev,mzmcbride
|
tools.quentinv57-common:*:51561:local-quentinv57-bots,local-quentinv57-tools,local-irc-wmt,johnflewis,quentinv57
| tools.shuaib-bot:*:51611:local-ameen,tahir,nadwi,local-tahir,ameen
| tools.contropedia:*:51710:local-contropedia,ekborra,davids,boogheta
| tools.orejasbot:*:51741:local-orejasbot,alan,mistrx
| scfc@tools-login:~$
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
