Trouble with two way authentication on my ldap user


(Kristján Geir Mathiesen) #1

Hi

I´m a volunteer trying to log into

my ldap user is k@kasma.is

I think I did setup the two way but switched phones and now I´m just a
mess :confused:

My Moz profile -> https://mozillians.org/en-US/u/mathiesenk/

Sorry,
KGM


(kang) #2

Hi,

Did you print the recovery codes? If yes, you could use these to re-setup at https://login.mozilla.com

If not, do you still use the same phone number?
If so, we would need to verify your identity asynchronously (its a long/difficult process which is not always successful) and help you reset.

Note that if you do not need an LDAP account, it’s also possible to simply switch it over to an FxA or GitHub account instead (and remove the LDAP account).


(Kristján Geir Mathiesen) #3

Hi

Yes, I was able to login at https://login.mozilla.com which states that
I am enrolled in Duo:
You are currently enrolled in Duo Security

I am told that Duo is for employees and I should be using Google
authenticator (and I´ve successfully set it up for my Fx account). How
can I do that?

When I click on "Multi facctor authentication (MFA), I am prompted to
login with Duo which I can´t :confused:

Yes, I have the same phone number.

Thanks,
KGM


(kang) #4

Duo is for all LDAP account owners, so not necessary just Mozilla Staff.

That said, using FxA + 2FA is much more convenient if you aren’t Staff and if you don’t require an LDAP account (VPN, Code push to Mercurial require LDAP - we’re working on removing that limitation though).

Granted that your FxA account primary email is the same as your LDAP contributor account, would you like to relinquish access to your LDAP account and use the FxA one instead?

If so, I can set that up for you


(Kristján Geir Mathiesen) #5

Hi again.

To be honest, I just want to be able to login to
https://reps.mozilla.org/e/icelandic-locale-quality-review-2018/ so I
can add myself there and add comments/changes - if I am even allowed to
do that.

So yes, if the FxA account gets me there, then I think I´m willing to
relinquish the LDAP…

thanks again for your help.
KGM

P.s. us volunteers get confused with all these accounts…


(kang) #6

Hi,

No problem. We’re have a lot of legacy work around that we’re slowly phasing out as we replace them with more modern infra.

You should already be able to login to discourse with FxA now - but do note that if you login with your LDAP before the bugs below are resolved this will revert it.


Let me know if this solves your issue