gerrit-oauth-provider icon indicating copy to clipboard operation
gerrit-oauth-provider copied to clipboard

Published 20 hours ago verified publisher icon davido

Migrate gmail to office365 accounts

Open rajaassaf1985 opened this issue 4 years ago • 5 comments

We have migrated our company mail service from gsuite to office365. Trying to setup oauth on gerrit server to use office365 instead of gmail. The application was setup correctly on azure AD but on login I get a forbidden and errors in the gerrit logs show the following:

[HTTP GET /oauth?code=0.AAAAMUIzFUahjUmUIGQWiyj1MNFMNhIBAVFBj1yQ4Uo8tMlzAAI.AQABAAIAAAD--DLA3VO7QrddgJg7Wevr7t42FBVmyCcdm ] WARN com.google.gerrit.server.account.AccountManager : Email [email protected] is already assigned to account 1000004; cannot create external ID office365-oauth:<ID> with the same email for account 1000030. [HTTP GET /oauth?code=0.AAAAMUIzFUahjUmUIGQWiyj1MNFMNhIBAVFBj1yQ4Uo8tMlzAAI.AQABAAIAAAD--DLA3VO7QrddgJg7Wevr7t42FBVmyCcdm ] ERROR com.google.gerrit.httpd.auth.oauth.OAuthSession : Unable to authenticate user "com.google.gerrit.extensions.auth.oauth.OAuthUserInfo@2fee9bb3" com.google.gerrit.server.account.AccountException: Email '[email protected]' in use by another account

Is there a way to link the previous account numbers to the current ones ? The email addresses haven't changed.

Thank you.

rajaassaf1985 avatar Feb 22 '21 15:02 rajaassaf1985

cannot create external ID office365-oauth: with the same email for account 1000030.

You cannot re-use emails for different OAuth providers. I guess you need to change the backend data, from one provider to another. What gerrit version are you using? Depending on gerrit version, you would need to tweak ReviewDb (database) or NoteDb (git).

davido avatar Feb 23 '21 06:02 davido

We're using gerrit version 3.2.3.

rajaassaf1985 avatar Feb 23 '21 09:02 rajaassaf1985

We're using gerrit version 3.2.3.

Consider to upgrade to 3.2.7 ASAP, see: [1]. Older releases have security issues.

[1] https://groups.google.com/g/repo-discuss/c/FOrISyYEtBc/m/5Hg0pzLEAgAJ

davido avatar Feb 23 '21 11:02 davido

upgraded to 3.2.7. Thanks for the heads up. Now regarding the switch to office365 with the same email addresses. Do you know of any gerrit documentation to tweak the DB in a way that will map the old google user login to the microsoft ones ?

rajaassaf1985 avatar Feb 23 '21 19:02 rajaassaf1985

Do you know of any gerrit documentation to tweak the DB in a way that will map the old google user login to the microsoft ones ?

See this thread: [1], that is referencing also: [2].

[1] https://groups.google.com/g/repo-discuss/c/4mbykY3oS1o/m/BsJ0_NFbAQAJ [2] https://groups.google.com/g/repo-discuss/c/tZ1tYQwbeLY/m/xSZhIQ20EQAJ

davido avatar Feb 23 '21 19:02 davido