Upgrade and migration issue

[samgillwork]

Morning,

I'm in a position where I need to relocate our Bonobo GIT install, from a 2008 R2 server to a 2016 server. We are currently on version 4, and don't have installation instructions for it (possibly a good thing, but if anyone has a copy of them it would be appreciated as I may need to move the server in a hurry if the upgrade continues to be problematic), so I'm taking the opportunity to upgrade to the latest that works with AD correctly, which as I understand is 6.2.1. However I'm struggling to get the repositories to be recognised correctly by version 6.2.1 when using Active Directory authentication.

I can install 6.2.1 in it's default state and copy the repositories and database across, and all behaves via the web interface as you would expect, but when AD Authentication is enabled, the repositories are all listed as "Discovered in file system". It could be me missing something obvious, but I'm not sure why the repositories would show as expected when the Internal membership is used, and not when things are changed to use Active Directory. I've listed the details of what I've been seeing below.

The AD groups are set up as specified in the instructions (GIT-Users, GIT-Admins), with the users and admins added, all the team groups are listed in the web.config, which makes a nice big list. Currently I haven't enabled SSL on the server as I wanted to get these issues sorted first.

Note that I haven't tried a GIT client on this server so far, this has all just been via the Web interface.

Setup 6.2.1 in it's default state and web page works as expected (Server Windows 2016 - 1607, Client Windows 10 - 1703). Site is a new site in IIS, not as part of the default site as we use a different hostname for the Git server.

Copy repositories and database from previous server (authentication provider set to cookies, membership to internal) Logged in as default "Admin" user Repositories all show as there (no odd messages as there are below) Editing a repository shows Contributers, Admins and Teams have all carried across from the old server Clicking "Users" shows AD users as per old server Clicking "Teams" shows teams as per old server Clicking "admin" shows expected user editing options (username, email, password, roles) Clicking "sign out" link signs out of git

Both browsers have cache and history cleared between authentication changes made in web.config, no other changes are made to the system other than an IIS restart.

Add the AD authentication options into the web.config (authentication provider set to Windows, membership to Active Directory) IE 11 auto logs on as my AD account All repositories showing as "Discovered in file system" Editing a repository shows that none of the Contributers, Admins or Teams have carried across Clicking "Teams" shows all expected teams Clicking "Users" shows all expected users with details pulled from AD Clicking user name (top right) shows details of logged on user User shown as an Administrator Repository URLs are as expected "Sign Out" link not there

Firefox (58.02) doesn't auto log on, log in with AD credentials
All repositories shown as "Discovered in file system"
Editing a repository shows that none of the Contributers, Admins or Teams have carried across
Clicking "Teams" shows all expected teams
Clicking "Users" shows all expected users
Clicking user name (top right) shows details of logged on user
    User shown as an Administrator
Repository URLs are as expected
"Sign Out" link not there

Above results can be reproduced on a different system (Windows 7, IE 11).

Any thoughts as to why the repositories are all showing as "Discovered in file system". I should probably ask if it's correct that the Contributers, Admin's and Teams aren't there for AD authentication, but suspect it could all be tied to the same issue.

Thanks in advance.

Sam

[willdean]

For reasons I've never understood (it was an enormous drive-by commit before my time), when you're using AD there's a completely separate 'database' holding all the information about everything (users, teams, repos, etc). This means that when you change to AD, you lose all the repository setup you had previously.

This means that Bonobo starts from a position of not knowing about any repositories, though it does then 'discover' them all in the repository directory.

One could write a converter to convert the sqlite repos records into the AD format, although there would still some difficulty with user permissions, etc, because in Sqlite they're based on internal user IDs, and with AD they're based on the user IDs which come from AD.

So I'm afraid that what you're seeing is expected behaviour.

[samgillwork]

Hi Will,

So from what you are saying, even if I built the server to use AD initially, it would still have no clue about the repositories, or their security? That sucks just a little bit..

Would the best way to work around this be to build a new server, create repositories with the same names, teams, users, etc, and then copy the data in it's entirety from one server's repository to the other via a git client (which I believe was done when we moved from a test server to the current live server).

Or is there a better way of working around the issue?

Thanks

Sam

[cbaerike]

I just went through the same issue - something is failing in the version 6 upgrade routine for repositories in AD environments. Here's how to fix it:

• Open the \App_Data\ADBackend\Users folder. Each JSON file contains one user in your environment. Find the one you want to set as a repo administrator.
• Open the \App_Data\ADBackend\Repos folder. You'll find one JSON file per repository in there.
• You can update the description here or via the Web UI. But in order to get access to the repo in the Web UI, you need to update the admin permissions. Replace this "Users":[],"Administrators":[],"Teams":[] with this "Users":[],"Administrators":[<content of the user's JSON file, including the curly brackets>],"Teams":[]