Bug: Not all DNs are synced into rucio from CRIC

[haozturk]

Bug Description

in this ticket [1], I discovered that there's a user which has 2 DNs in CRIC and only one of them was synced to rucio and this user wasn't able to authenticate with rucio because of that

DNs in CRIC [2]. Identities in rucio [3]

[1] https://its.cern.ch/jira/browse/CMSDM-340
[2]

  {
    "DN": "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=seseyedi/CN=718535/CN=Hossein Seyedi", 
    "EMAIL": "hossein.seyedi@cern.ch", 
    "ID": 718535, 
    "LOGIN": "seseyedi", 
    "NAME": "Hossein Seyedi", 
    "ROLES": {
      "data-manager": [
        "site:t3-ir-ipm"
      ], 
      "site-admin": [
        "site:t3-ir-ipm"
      ], 
      "site-executive": [
        "site:t3-ir-ipm"
      ], 
      "user": [
        "group:users"
      ]
    }
  }, 
  {
    "DN": "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=seseyedi/CN=718535/CN=Seyed Hossein Seyedi", 
    "EMAIL": "hossein.seyedi@cern.ch", 
    "ID": 718535, 
    "LOGIN": "seseyedi", 
    "NAME": "Hossein Seyedi", 
    "ROLES": {
      "data-manager": [
        "site:t3-ir-ipm"
      ], 
      "site-admin": [
        "site:t3-ir-ipm"
      ], 
      "site-executive": [
        "site:t3-ir-ipm"
      ], 
      "user": [
        "group:users"
      ]
    }
  }, 

[3]

[haozturk@lxplus910 ~]$ rucio account identity list --account seseyedi
Identity: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=seseyedi/CN=718535/CN=Seyed Hossein Seyedi,	type: X509
Identity: CN=Seyed Hossein Seyedi,CN=718535,CN=seseyedi,OU=Users,OU=Organic Units,DC=cern,DC=ch,	type: X509

Reproduction Steps

No response

Expected Behavior

I suppose all the DNs which belong to the same LOGIN in CRIC has to be added to its rucio account. @ericvaandering do you agree?

Possible Solution

No response

Related Issues

No response

[ericvaandering]

Yes, this should happen and in the past I believe we did this.