|
|
# User gets `Authentication failed` message when trying to login
|
|
|
|
|
|
In `syslog` there is a message:
|
|
|
|
|
|
`WARN com.google.gerrit.server.account.AccountManager : Email user@example.org is already assigned to account [account_id]; cannot create external ID gerrit:[username] with the same email for account [account_id].`
|
|
|
|
|
|
Check the user record by requesting his external IDs via the REST API (https://www.gerritcodereview.com/rest-api-accounts.html)
|
|
|
`https://review.typo3.org/accounts/[account_id]/external.ids`:
|
|
|
```
|
|
|
$ curl 'https://review.typo3.org/accounts/[account_id]/external.ids' -X GET \
|
|
|
-H 'x-gerrit-auth: xxx' -H 'cookie: GerritAccount=xxxx; XSRF_TOKEN=xxxx'
|
|
|
```
|
|
|
|
|
|
If the output contains the usual `"identity": "username:[username]"` and `"identity": "gerrit:[username]"` entries AND also a third identity `"identity": "mailto:user@example.org",` which contains the email address as value, then you need to delete that external id:
|
|
|
```POST https://review.typo3.org/a/accounts/[account_id]/external.ids:delete HTTP/1.0
|
|
|
Cookie: GerritAccount=XXXX; XSRF_TOKEN=XXX; GERRIT_UI=GWT
|
|
|
Content-Type: application/json;charset=UTF-8
|
|
|
X-Gerrit-Auth: XXX
|
|
|
|
|
|
[
|
|
|
"mailto:user@example.org"
|
|
|
]
|
|
|
```
|
|
|
```
|
|
|
$ curl 'https://review.typo3.org/accounts/[account_id]/external.ids:delete' -X POST -H 'Content-Type: application/json' \
|
|
|
-H 'x-gerrit-auth: xxxx' -H 'cookie: GerritAccount=xxxx; XSRF_TOKEN=xxxx' --data '["mailto:user@example.org"]'
|
|
|
```
|
|
|
|
|
|
On the next login attempt the email address will be added as value to `"identity": "gerrit:[username]"` and the login succeeds.
|
|
|
|
|
|
This operation can obviously only be executed by a member of the Administrators group. The necessary values for `Cookie` and `X-Gerrit-Auth` can be found by logging in in the Gerrit Web Frontend and inspecting the `PUT` when modifying the own user preferences.
|
|
|
|
|
|
The error only ocurrs for users which had an account a long time ago (before LDAP), not used it for a long time and try logging in now. |