[16:58:58] * bawolff enjoys the welcome message
[17:02:35] <apergos>	 is there something special about it I missed? 
[17:03:08] <apergos>	 or perhaps.. this was a polite but subdued plea for a welcome?  if so
[17:03:12] <apergos>	 welcome, bawolff :-D
[17:03:23] <bawolff>	 hi
[17:03:33] <bawolff>	 I'm just a fan of Dune
[17:03:45] <bawolff>	 ChanServ	[#wikimedia-research] Welcome to the Wikimedia Research IRC channel.  The Science must flow.
[17:03:51] <apergos>	 oh!
[17:03:54] <apergos>	 the chanserv message
[17:04:06] <apergos>	 I was looking at the topic over and over and failing to see the interest 
[17:51:48] <YuviPanda>	 hey zareen 
[17:52:27] <zareen>	 hey YuviPanda , so from http://localhost:8000 i'm using my wikitech login and keep getting invalid username or password error
[17:52:29] <YuviPanda>	 zareen: try logging into paws-internal again? I'm watching the logs
[17:52:41] <Krenair>	 krenair@notebook1001:~$ id zareen
[17:52:41] <Krenair>	 uid=15813(zareen) gid=500(wikidev) groups=500(wikidev),714(researchers)
[17:54:44] <YuviPanda>	 Krenair: right, so that should work
[17:54:51] <Krenair>	 yep
[17:54:59] <YuviPanda>	 Krenair: but I wrote the LDAPAuthenticator code, so it's probably filled with bugs
[17:55:09] <zareen>	 YuviPanda: i've tried logging in twice :(
[17:55:11] <Krenair>	 ooh hang on, LDAP?
[17:55:24] <Krenair>	 this queries labs LDAP?
[17:55:32] <YuviPanda>	 zareen: just now?
[17:55:40] <YuviPanda>	 that's interesting, I don't actually see an attempt just now
[17:55:48] <YuviPanda>	 Krenair: yeah, it does... a bunch of things
[17:55:52] <zareen>	 twice in the past 4 min
[17:56:05] <YuviPanda>	 ok, that's pretty interesting / strange!
[17:56:13] <YuviPanda>	 I am not sure why that didn't log anything
[17:56:14] <YuviPanda>	 am looking
[17:56:24] <Krenair>	 it was LDAP for auth, and checking the local server group for authz, right?
[17:56:29] <zareen>	 let me know if need to me try again
[17:56:46] <Krenair>	 s/auth,/authn,/
[17:58:36] <YuviPanda>	 Krenair: so it does a bunch of things
[17:58:41] <YuviPanda>	 Krenair: it checks ldap for authn first
[17:58:48] <YuviPanda>	 Krenair: then it checks ldap for authz (nda or wmf groups)
[17:58:51] <Krenair>	 yep
[17:58:54] <YuviPanda>	 Krenair: then it checks local server group for authz
[17:58:55] <YuviPanda>	 again
[17:59:02] <Krenair>	 ok
[17:59:29] <Krenair>	 this is the issue then
[17:59:41] <Krenair>	 krenair@tools-bastion-03:~$ ldapsearch -x member=uid=zareen,ou=people,dc=wikimedia,dc=org dn -LLL | grep dn:
[17:59:41] <Krenair>	 dn: cn=project-bastion,ou=groups,dc=wikimedia,dc=org
[17:59:41] <Krenair>	 dn: cn=project-tools,ou=groups,dc=wikimedia,dc=org
[17:59:42] <Krenair>	 krenair@tools-bastion-03:~$ 
[18:00:18] <YuviPanda>	 ah
[18:00:22] <YuviPanda>	 Krenair: so someone needs to add zareen to the nda group
[18:00:27] <Krenair>	 or at least *one* issue
[18:00:31] <YuviPanda>	 right
[18:00:35] <YuviPanda>	 but that's first to get past!
[18:00:42] <Krenair>	 if it is the case, then the error message is just wrong
[18:00:49] <YuviPanda>	 yup
[18:00:54] <Krenair>	 btw, 'someone' can be you, it's labs LDAP so you can just modify it
[18:00:57] <YuviPanda>	 jupyterhub literally can't return any other error message!!!
[18:00:59] <YuviPanda>	 Krenair: yup
[18:01:12] <YuviPanda>	 (I'm working on fixing it, since I'm also part of 'upstream' now)
[18:02:19] <Krenair>	 so if I'm right and LDAP membership is the only issue for zareen, for now can we change the message from 'User Zareen not in researchers group' to 'User Zareen either not in researchers group or not in nda/wmf LDAP group'?
[18:02:21] <zareen>	 ah, makes sense to me now about getting that error message 
[18:02:22] <YuviPanda>	 Krenair: ok, am gonna add her to nda
[18:03:35] <YuviPanda>	 Krenair: that's just one of the error messages, probably when she tried 'Zareen' as a variant?
[18:03:43] <Krenair>	 ah
[18:03:44] <Krenair>	 yeah
[18:03:44] <YuviPanda>	 zareen: try logging in now
[18:04:12] <Krenair>	 nda is probably correct, though it's an internship... so not sure. might be wmf
[18:04:28] <Krenair>	 the fact that there's a difference is really silly
[18:04:40] <YuviPanda>	 zareen: I think you're in!
[18:04:50] <zareen>	 YuviPanda Krenair success!
[18:05:08] <YuviPanda>	 \o/
[18:05:17] <zareen>	 thanks!
[18:05:22] <YuviPanda>	 well, I need to improve error messages on login :D
[18:05:23] <YuviPanda>	 zareen: Krenair found it :D
[18:06:53] <zareen>	 YuviPanda: cool, i'll test this out in the next couple days!
[18:06:56] <Krenair>	 YuviPanda, we might also want to check all other researchers who are not in one of the authorised LDAP  groups
[18:07:42] <YuviPanda>	 zareen: cool. I left you a sample notebook on your homedir on accessing mysql from here
[18:07:53] <YuviPanda>	 Krenair: hmm, I am wondering if I should do that or just wait for people to ask :D
[18:07:55] <zareen>	 thanks for jumping in to help Krenair :)
[18:07:58] <YuviPanda>	 probably not the best of ideas
[18:08:35] <Krenair>	 I'm not saying add everyone to the groups
[18:08:43] <Krenair>	 just looking at who they are
[18:08:47] <Krenair>	 but it doesn't matter much
[18:13:44] <YuviPanda>	 right
[19:18:36] <bawolff>	 schana: So I've been playing with http://recommend-security-test.wmflabs.org/ just to get a feel for what the project does before looking at the code in depth. It appears that the preview window thing is broken (e.g. If you click on a suggested article title, a window pops up with the message "No internet")
[19:18:42] <bawolff>	 I assume its not supposed to be like that
[19:43:18] <bawolff>	 schana: err, nevermind, seems to work fine on chrome