SRE/LDAP/Renaming users/Gerrit

From Wikitech
< SRE‎ | LDAP‎ | Renaming users

Renaming users in Gerrit involves fiddling in git quite a bit since Gerrit uses git as a database. Gerrit uses the ldap cn as the user's username and full name. The uid is used for ssh and api access. 

$ ssh [gerrit host]
user@gerrit:~ $ sudo su - gerrit2
gerrit2@gerrit:~ $ cd /srv/gerrit/All-Users
gerrit2@gerrit:~ $ git fetch origin refs/meta/external-ids:refs/meta/external-ids
gerrit2@gerrit:~ $ git checkout FETCH_HEAD
[run the rename account script]
gerrit2@gerrit:~ $ git add . && git commit -m 'Modify [user] commonname'
gerrit2@gerrit:~ $ git push origin HEAD:refs/meta/external-ids
gerrit2@gerrit:~ $ git fetch origin refs/users/[user-id]
gerrit2@gerrit:~ $ git checkout FETCH_HEAD
gerrit2@gerrit:~ $ git config -f account.config account.fullName [new username]
gerrit2@gerrit:~ $ git add account.config
gerrit2@gerrit:~ $ git commit -m 'modify user fullname'
gerrit2@gerrit:~ $ git push origin HEAD:refs/users/[user-id]
[back on your laptop reindex accounts]
$ ssh -p 29418 gerrit.wikimedia.org -- gerrit index start accounts --force

cn rename script

If changing the cn this is the script to use: 

#!/bin/bash

set -euo pipefail

OLD_USERNAME="$1"
NEW_USERNAME="$2"

OLD_SHASUM=$(printf "gerrit:%s" "${OLD_USERNAME}" | shasum -a 1)
NEW_SHASUM=$(printf "gerrit:%s" "${NEW_USERNAME}" | shasum -a 1)

OLD_FILE=$(printf '%s/%s\n' "${OLD_SHASUM:0:2}" "${OLD_SHASUM:2:38}")
NEW_FILE=$(printf '%s/%s\n' "${NEW_SHASUM:0:2}" "${NEW_SHASUM:2:38}")

git mv "$OLD_FILE" "$NEW_FILE"

# Change username to lowercase in new file
sed -i "s/gerrit:${OLD_USERNAME}/gerrit:${NEW_USERNAME}/" "$NEW_FILE"

uid rename account script

If changing the `uid` this is the script to use: 

#!/bin/bash

set -euo pipefail

OLD_USERNAME="$1"
NEW_USERNAME="$2"

OLD_SHASUM=$(printf "username:%s" "${OLD_USERNAME}" | shasum -a 1)
NEW_SHASUM=$(printf "username:%s" "${NEW_USERNAME}" | shasum -a 1)

OLD_FILE=$(printf '%s/%s\n' "${OLD_SHASUM:0:2}" "${OLD_SHASUM:2:38}")
NEW_FILE=$(printf '%s/%s\n' "${NEW_SHASUM:0:2}" "${NEW_SHASUM:2:38}")

git mv "$OLD_FILE" "$NEW_FILE"

# Change username to lowercase in new file
sed -i "s/username:${OLD_USERNAME}/username:${NEW_USERNAME}/" "$NEW_FILE"
Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=SRE/LDAP/Renaming_users/Gerrit&oldid=1923819"