up2university / single-sign-on

Up2U federated authentication service

Self registered accounts are still created with old user ID #37

Closed foobarable closed 6 years ago

foobarable commented 6 years ago

Bug was fixed but we still have some self-registered accounts with wrong IDs now.

michzimny commented 6 years ago

@foobarable, by 'old user IDs' you mean the old format?

foobarable commented 6 years ago

Yes, after looking again in the code of the selfregister module I found that we still used the old generator for user IDs. We threw it out and use the new ID in our code, but until it's deployed we should disable the registration for now.

michzimny commented 6 years ago

Could we plan a deployment ASAP instead of disabling the registration?

What about the user accounts with old ids? Might they be left as they are?

foobarable commented 6 years ago

No, we should delete or migrate them.

michzimny commented 6 years ago

Can you give us the number of such users with old IDs?

What about the deployment?

foobarable commented 6 years ago

19 users, with some being test users, so not so critical. Let's try to schedule ASAP. Next week?

foobarable commented 6 years ago

@michzimny We deployed the fix. What should we do with the users with wrong IDs?

michzimny commented 6 years ago

@foobarable, thanks. Could we leave those users as they are for some time, and then migrate them later? For how long could they stay untouched now?

foobarable commented 6 years ago

@michzimny I think those users may have problems when they try to log in to CERNBox because they do some mapping with the user IDs.

michzimny commented 6 years ago

@ebocchi, could it be a problem in CERNBox that some users still have SSO IDs with the old schema, and others have the IDs with the new schema?

ebocchi commented 6 years ago

@michzimny, we have an internal mapping at the CERNBox/SWAN side, which maps SSO-provided IDs to internal identities. This will be removed in the near future but, for that, we need the SSO to provide only IDs with the new schema. The old schema will not be supported and the user will fail to log in.

michzimny commented 6 years ago

@ebocchi, is the 'near future' simply the time when we put in place the eos-swan fix, related to ID mapping, that we have been discussing?

ebocchi commented 6 years ago

@michzimny, correct! The fix is now there and will be shipped with the upcoming software release. Then, it is just a matter of rebuilding the docker images.

ebocchi commented 6 years ago

Not sure we want to apply this to the "test" instance, though. Users will lose access to the data unless we migrate them (both user IDs and file ownership). Instead, we will be able to start the production instance with a clean mapping of user IDs.

michzimny commented 6 years ago

Guys, thank you for the updates. I think that we should keep the user accounts till the end of June, when most of the school activities will be suspended. I also think that we should not apply the fix to the test CERNBox. It's better now for the users to keep their accounts and possibly have no access to production CERNBox, when it gets deployed, than to remove them completely.

foobarable commented 6 years ago

It's end of June now. What do we do with those accounts?

michzimny commented 6 years ago

It's not end of June yet. It will be in a couple of weeks :)

michzimny commented 6 years ago

@foobarable, it seems that the 19 accounts you once sent me can be deleted. Could you please just preserve a list of actually deleted accounts (i.e. user IDs, names) to be able to match a person with their user ID, just in case of any problems?

m0ark commented 6 years ago

I issued a complete dump. As soon as it's finished I will delete these accounts.

m0ark commented 6 years ago

The accounts are backed up and removed now.

michzimny commented 6 years ago

Thanks for the information. Is this issue considered closed now?

m0ark commented 6 years ago

Yes, it should be closed.