Duplication of user account id-s

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Duplication of user account id-s

Claudius Teodorescu
Hi,


We are facing the following situation in eXist 2: some local user account id-s are duplicated by some LDAP user account id-s. See an example below:

<account xmlns="http://exist-db.org/Configuration" id="396">


    <group name="group"/>
    <group name="group"/>
    <expired>false</expired>
    <enabled>true</enabled>
    <umask>022</umask>
    <name>name</name>
</account>

and a LDAP

<account xmlns="http://exist-db.org/Configuration" id="396">


    <group name="group"/>
    <expired>false</expired>
    <enabled>true</enabled>
    <umask>022</umask>
    <metadata key="http://axschema.org/namePerson/first">name</metadata>
    <metadata key="http://axschema.org/contact/email">email</metadata>
    <metadata key="http://axschema.org/namePerson/last">name</metadata>
    <metadata key="http://axschema.org/namePerson">name</metadata>
    <name>email</name>
</account>

My questions:
1. does anyone have any idea why this happened?
2. what are the risks of deleting the LDAP user account with duplicated id-s?

Thanks,
Claudius
Reply | Threaded
Open this post in threaded view
|

Re: Duplication of user account id-s

Dmitriy Shabanov
Hi,

On Sat, Feb 11, 2017 at 10:06 AM, Claudius Teodorescu <[hidden email]> wrote:
We are facing the following situation in eXist 2: some local user account
id-s are duplicated by some LDAP user account id-s. See an example below:

<account xmlns="http://exist-db.org/Configuration" id="396">


    <group name="group"/>
    <group name="group"/>
    <expired>false</expired>
    <enabled>true</enabled>
    <umask>022</umask>
    <name>name</name>
</account>

and a LDAP

<account xmlns="http://exist-db.org/Configuration" id="396">


    <group name="group"/>
    <expired>false</expired>
    <enabled>true</enabled>
    <umask>022</umask>
    <metadata key="http://axschema.org/namePerson/first">name</metadata>
    <metadata key="http://axschema.org/contact/email">email</metadata>
    <metadata key="http://axschema.org/namePerson/last">name</metadata>
    <metadata key="http://axschema.org/namePerson">name</metadata>
    <name>email</name>
</account>

My questions:
1. does anyone have any idea why this happened?

It happen because at time of account creation (1st login) /db/system/security/config.xml was locked up. And that's why increased last-account-id was not stored. Here the PR with the fix for it.
 
2. what are the risks of deleting the LDAP user account with duplicated
id-s?

You can manually check latest id that you can use, change all duplicated id and increase last-account-id at config file. After that restart db.

--
Dmitriy Shabanov

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Exist-open mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/exist-open
Reply | Threaded
Open this post in threaded view
|

Re: Duplication of user account id-s

Claudius Teodorescu
Well, very nice Dmitry. Thanks for help!

I will do as you said.

On Sat, Feb 11, 2017 at 9:46 AM, Dmitriy Shabanov <[hidden email]> wrote:
Hi,

On Sat, Feb 11, 2017 at 10:06 AM, Claudius Teodorescu <[hidden email]> wrote:
We are facing the following situation in eXist 2: some local user account
id-s are duplicated by some LDAP user account id-s. See an example below:

<account xmlns="http://exist-db.org/Configuration" id="396">


    <group name="group"/>
    <group name="group"/>
    <expired>false</expired>
    <enabled>true</enabled>
    <umask>022</umask>
    <name>name</name>
</account>

and a LDAP

<account xmlns="http://exist-db.org/Configuration" id="396">


    <group name="group"/>
    <expired>false</expired>
    <enabled>true</enabled>
    <umask>022</umask>
    <metadata key="http://axschema.org/namePerson/first">name</metadata>
    <metadata key="http://axschema.org/contact/email">email</metadata>
    <metadata key="http://axschema.org/namePerson/last">name</metadata>
    <metadata key="http://axschema.org/namePerson">name</metadata>
    <name>email</name>
</account>

My questions:
1. does anyone have any idea why this happened?

It happen because at time of account creation (1st login) /db/system/security/config.xml was locked up. And that's why increased last-account-id was not stored. Here the PR with the fix for it.
 
2. what are the risks of deleting the LDAP user account with duplicated
id-s?

You can manually check latest id that you can use, change all duplicated id and increase last-account-id at config file. After that restart db.

--
Dmitriy Shabanov



--

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Exist-open mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/exist-open
Reply | Threaded
Open this post in threaded view
|

Re: Duplication of user account id-s

Claudius Teodorescu
Should I infere that the /db/system/security/config.xml file was locked up by the process of updating the LDAP accounts triggered by the eXist's LDAP client?

On Sat, Feb 11, 2017 at 11:22 AM, Claudius Teodorescu <[hidden email]> wrote:
Well, very nice Dmitry. Thanks for help!

I will do as you said.

On Sat, Feb 11, 2017 at 9:46 AM, Dmitriy Shabanov <[hidden email]> wrote:
Hi,

On Sat, Feb 11, 2017 at 10:06 AM, Claudius Teodorescu <[hidden email]> wrote:
We are facing the following situation in eXist 2: some local user account
id-s are duplicated by some LDAP user account id-s. See an example below:

<account xmlns="http://exist-db.org/Configuration" id="396">


    <group name="group"/>
    <group name="group"/>
    <expired>false</expired>
    <enabled>true</enabled>
    <umask>022</umask>
    <name>name</name>
</account>

and a LDAP

<account xmlns="http://exist-db.org/Configuration" id="396">


    <group name="group"/>
    <expired>false</expired>
    <enabled>true</enabled>
    <umask>022</umask>
    <metadata key="http://axschema.org/namePerson/first">name</metadata>
    <metadata key="http://axschema.org/contact/email">email</metadata>
    <metadata key="http://axschema.org/namePerson/last">name</metadata>
    <metadata key="http://axschema.org/namePerson">name</metadata>
    <name>email</name>
</account>

My questions:
1. does anyone have any idea why this happened?

It happen because at time of account creation (1st login) /db/system/security/config.xml was locked up. And that's why increased last-account-id was not stored. Here the PR with the fix for it.
 
2. what are the risks of deleting the LDAP user account with duplicated
id-s?

You can manually check latest id that you can use, change all duplicated id and increase last-account-id at config file. After that restart db.

--
Dmitriy Shabanov



--



--

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Exist-open mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/exist-open
Reply | Threaded
Open this post in threaded view
|

Re: Duplication of user account id-s

Dmitriy Shabanov
Usually it locked by user that use javaclient to edit that config.xml document.

On Sat, Feb 11, 2017 at 12:25 PM, Claudius Teodorescu <[hidden email]> wrote:
Should I infere that the /db/system/security/config.xml file was locked up by the process of updating the LDAP accounts triggered by the eXist's LDAP client?

--
Dmitriy Shabanov

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Exist-open mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/exist-open