← Back to team overview

ubuntu-bengali-manual team mailing list archive

[Bug 881019] Re: Lp login is broken after account merge

 

So, this looks to be a problem due to different things being called
"account merge".

On one side we have

- SSO account merge
- LP account merge

and they do different things.

I will speak only about the SSO one as that's the one I know :)

When two SSO accounts get merged, the source account will get
deactivated, and all of it's associated emails will get added to the
target account (thus, the source account's openid will no longer be
valid).

In all reported cases we found multiple SSO accounts linked to the same
LP account. This possibly caused the wrong openid to be setup at the
summit sites. This in turn was probably caused by LP merging the
accounts without telling SSO about it, thus getting the SSO side of
things out of sync.

The way to properly fix this is by having LP notify SSO by some (yet
non-existing means) when two accounts need to be merged so SSO can merge
their corresponding parts too.

-- 
You received this bug notification because you are a member of Ubuntu
Bengali Manual, which is subscribed to LoCo Team Portal.
https://bugs.launchpad.net/bugs/881019

Title:
  Lp login is broken after account merge

Status in Canonical SSO provider:
  Confirmed
Status in Launchpad itself:
  Triaged
Status in LoCo Team Portal:
  Confirmed
Status in OpenStack Core Infrastructure:
  Confirmed
Status in Summit - The UDS Scheduler:
  Confirmed

Bug description:
  This looks like  bug 644824 (reopned?), though may also be bug 676964.
  In either case, openid are not matched correctly when the user logins
  in through SSO. Since both of these bugs were reported, the
  openididentifier table was created to store multiple ids for a user.
  Merge may not be dealing with the table correctly.

  There have also been many cases where the email address table (used to
  lookup Persons) has a different account from the account in the person
  table. This should be an impossibility. Maybe there should be a
  constraint, or column should be dropped from person, (or less likely
  emailaddress).

  Notes from gmb, 2011-11-24:

   - Dropping account from Person is prohibitively complex (see comments).
   - Running the following query:
         SELECT COUNT(*) FROM Person, EmailAddress WHERE
             EmailAddress.person = Person.id AND
             EmailAddress.account <> Person.account;
     tells us that there are currently two Persons in the production DB whose Person.account
     and EmailAddress.account don't match.

  --

  From the original question:
  One of our guys just recently merged two launchpad acounts into the account nati-ueno. The merge didn't go all the way through - there are times when the old openid gets referenced.

   https://login.launchpad.net/+id/BBze6nw
   https://login.launchpad.net/+id/X6dGn6P

  X6dGn6P is the correct one.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-identity-provider/+bug/881019/+subscriptions