Last modified: 2014-03-14 20:07:19 UTC
On tools-login, about every second minute something tries to resolve the username "80686", but is hindered by nslcd.conf's validnames: | Feb 26 22:24:03 tools-login nslcd[32642]: [d39979] <passwd(all)> passwd entry uid=80686,ou=people,dc=wikimedia,dc=org denied by validnames option: "80686" Yet, temporarily tweaking /etc/nslcd.conf and "sudo service nslcd restart && getent passwd 80686" doesn't yield any result either. But: | scfc@tools-login:~$ ldaplist -l passwd 80686 | dn: uid=80686,ou=people,dc=wikimedia,dc=org | uid: 80686 | objectClass: person | objectClass: organizationalPerson | objectClass: inetorgperson | objectClass: ldapPublicKey | objectClass: shadowaccount | objectClass: posixaccount | objectClass: top | loginShell: /usr/local/bin/sillyshell | sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1Gpgy5PcnNP6I3P4QkqB4yZMAsinFZOpPg5iAss8aXAdTSfJhFlGXEhq9TnohnbXIeeFAvRgh9fo2VC/iUxfvssBUdZ3WNNtDWLEV/7yoVptHhfPb1Y9nyCVrcZtQMxatY/Pn3L2pmyzYWoi9QpFs/pk0fF+ePfbiNM47+W0JKOrIZYMiTLfyXzz1fMqHOvUsSC/bruoupqAUsKfxrtYUnvsu6xUM0+ScykEFg3fgMyoVcQFQlxco+MzzA1E3BfpYThbvoqizH4OgDMJ02siYfR/F3d+WdRQ+B/p7ZwtAfZ81+F2cYPpEUgiMW1APJpXwfsRAoEbzhlnjROcDGFWIw== manuel@mirabilis | uidNumber: 1044 | gidNumber: 550 | sn: 80686 | homeDirectory: /home/80686 | cn: 80686 | scfc@tools-login:~$ does. However, there is no [[wikitech:User:80686]] ("sn" is apparently the wikitech username) and Gerrit doesn't know a user with that name either if one queries for "owner:80686". There is no home directory for the user in the Bastion project.
This might be coincidence, but the private email (non-Labs) I received about the upcoming Zürich Hackathon Registration came from "80686 <username@wikimedia.ch>" which was surprising enough that I remembered (replace username above by 'manuel dot schneider').
That would align with "manuel@mirabilis" in the ssh key. Manuel, perhaps you can shed some light on this: Have you actively registered on wikitech or Gerrit? Or was 80686 perhaps an SVN username that was migrated?
Yes, User:80686 is me. This was my SVN account that must have been migrated.
In mediawiki/core: | commit 577b0bd99107d79227cfcdbc5e4f844642c4ea1d | Author: Manuel Schneider <80686@users.mediawiki.org> | Date: Thu Mar 22 09:08:08 2007 +0000 | updated release notes | commit d133a108c6e37a80e079988e86a621fb689d18ff | Author: Manuel Schneider <80686@users.mediawiki.org> | Date: Thu Mar 22 08:19:47 2007 +0000 | fixed bug in call of hook ArticleViewHeader | commit 4ac631ca02ebd36cbbb8920c226288e8b53efe79 | Author: Manuel Schneider <80686@users.mediawiki.org> | Date: Thu Jan 18 09:49:28 2007 +0000 | Localisation updates from 80686 and Raymond. | commit 6c695ae7c8be363a0ed845ff94aece9e8d42f51d | Author: Manuel Schneider <80686@users.mediawiki.org> | Date: Wed Dec 13 10:26:37 2006 +0000 | added additional check to avoid warnings So: Yes :-). Chad, does Gerrit need all authors to have an LDAP account? If not and Manuel hasn't accessed wikitech/Gerrit with that account, I think we could just delete the entry in LDAP and set up the forwarding for 80686@users.mediawiki.org in exim (if those addresses actually work).
From #wikimedia-labs: | <scfc_de> ^d: Could you comment on | https://bugzilla.wikimedia.org/show_bug.cgi?id=61967#c4 when you | have some time, please? [19:44] | <^d> User exists in ldap because user was in svn. [19:45] | <^d> Doesn't exist in gerrit at all afaik. | <scfc_de> So if he were removed from LDAP, what would be the consequences? | [19:46] | <^d> Nothing for gerrit. | <^d> Gerrit doesn't even know the user exists.
The error occurs only on tools-login, and the interval correlates to toolwatcher's "sleep 120"; so I "sudo tail -f /var/log/syslog | fgrep 80686 &"'d and can trigger the warning with "getent passwd > /dev/null".