With respect to the OpenStack Gerrit, it's not that the consumer is buggy, it's that since we're trying to _integrate_ with Launchpad, we need to know the _Launchpad_ user of the person who is authenticating to us. It's not enough to just know be given an opaque identifier, we need to know the Launchpad user ID of that person so that we know what groups they are a member of, etc. If we just wanted to use an opaque OpenID provider, we could have used any number of other ones. The value in using Launchpad's OpenID provider is that we can integrate our tools and processes with Launchpad.
William, a while ago you suggested an API call that would allow us to query all of the identifiers for a given Launchpad account? I believe we can work around the problem if that's added. Do you still think that would be feasible? -- You received this bug notification because you are a member of Ubuntu Bengali Manual, which is subscribed to LoCo Team Portal. https://bugs.launchpad.net/bugs/881019 Title: Lp login is broken after account merge Status in Canonical SSO provider: Confirmed Status in Launchpad itself: Triaged Status in LoCo Team Portal: Confirmed Status in OpenStack Core Infrastructure: Confirmed Status in Summit - The UDS Scheduler: Confirmed Bug description: This looks like bug 644824 (reopned?), though may also be bug 676964. In either case, openid are not matched correctly when the user logins in through SSO. Since both of these bugs were reported, the openididentifier table was created to store multiple ids for a user. Merge may not be dealing with the table correctly. There have also been many cases where the email address table (used to lookup Persons) has a different account from the account in the person table. This should be an impossibility. Maybe there should be a constraint, or column should be dropped from person, (or less likely emailaddress). Notes from gmb, 2011-11-24: - Dropping account from Person is prohibitively complex (see comments). - Running the following query: SELECT COUNT(*) FROM Person, EmailAddress WHERE EmailAddress.person = Person.id AND EmailAddress.account <> Person.account; tells us that there are currently two Persons in the production DB whose Person.account and EmailAddress.account don't match. -- From the original question: One of our guys just recently merged two launchpad acounts into the account nati-ueno. The merge didn't go all the way through - there are times when the old openid gets referenced. https://login.launchpad.net/+id/BBze6nw https://login.launchpad.net/+id/X6dGn6P X6dGn6P is the correct one. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-identity-provider/+bug/881019/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~ubuntu-bengali-manual Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-bengali-manual More help : https://help.launchpad.net/ListHelp
