Issue 1783: Intermittent LDAP failures produce incorrect approvals
Status: New
Owner: ----
Reported by yzh...@gmail.com, Feb 12, 2013
Affected Version: 2.5.1

What steps will reproduce the problem?
1. Make users A and B on the LDAP host that Gerrit is using
2. Push a change to refs/for as user A, note the change #
3. Review that changeset as -2 as user A
4. Flush the caches
5. Run an SSH command as user B (to put the user in the cache)
6. Disconnect LDAP by using iptables or stopping the server
7. Run an SSH gerrit query with '<change #> is:open -CodeReview-2'

What is the expected output? What do you see instead?
Expected: No reviews, since we're filtering out reviews with -2, OR an error noting that LDAP is down. 
Actual: We see the code review that has the -2.

This seems to be a side effect of the way LDAP is handled in Gerrit - it is completely abstracted away by the cache. When RefControl computes the approval ranges of a particular user, and the user is not cached, the ranges are essentially wrong when LDAP is down. However, it has no way of knowing this because IdentifiedUser.getEffectiveGroups returns empty groups instead of throwing an exception.

In our use case, we have a script that polls Gerrit using the SSH query interface continuously, and merges commits after they have verified and +2 CR. A couple times, a -2 changeset got merged because of intermittent LDAP outages.
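
The failure mode described in this report, as a simplified model (an added example, not Gerrit's code and not part of the original report). All names and data are hypothetical; the model assumes a vote only counts while it falls inside the voter's permitted range, and contrasts a group lookup that returns an empty set during an outage with one that raises.

```python
# Simplified model of the report's failure mode; hypothetical names, not Gerrit code.

class DirectoryUnavailable(Exception):
    """Raised when the group backend (LDAP in the report) cannot be reached."""

# Constructed sample data.
LDAP_GROUPS = {"userA": {"reviewers"}}   # membership held only in the directory
VOTE_RANGE = {"reviewers": (-2, 2)}      # Code-Review range granted per group
APPROVALS = [("userA", -2)]              # votes on the change: (voter, score)

def ldap_lookup(user, ldap_up):
    if not ldap_up:
        raise DirectoryUnavailable(user)
    return LDAP_GROUPS.get(user, set())

def groups_fail_open(user, ldap_up):
    # Behaviour the report describes: the outage is hidden as "no groups".
    try:
        return ldap_lookup(user, ldap_up)
    except DirectoryUnavailable:
        return set()

def groups_fail_closed(user, ldap_up):
    # Let the outage propagate so callers cannot mistake it for "no groups".
    return ldap_lookup(user, ldap_up)

def allowed_range(groups):
    ranges = [VOTE_RANGE[g] for g in groups if g in VOTE_RANGE]
    if not ranges:
        return (0, 0)  # no granting group: no non-zero score is permitted
    return (min(lo for lo, _ in ranges), max(hi for _, hi in ranges))

def has_blocking_vote(resolve_groups, ldap_up):
    # Model assumption: a -2 counts only if the voter may still cast it.
    for voter, score in APPROVALS:
        lo, hi = allowed_range(resolve_groups(voter, ldap_up))
        if score == -2 and lo <= score <= hi:
            return True
    return False

def mergeable(resolve_groups, ldap_up):
    # Stand-in for the polling query "is:open -CodeReview-2".
    try:
        return not has_blocking_vote(resolve_groups, ldap_up)
    except DirectoryUnavailable:
        return False  # the veto cannot be evaluated, so do not merge
```

With the fail-open lookup, an outage empties the voter's range and the -2 silently stops counting; with the fail-closed lookup the same outage surfaces as an error and the change is held back.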