Apologies, I should have provided more context. We've been futzing with this project which OIDC. We'd be looking to ensure that it works with Dex.

Would you considered taking prioritized funding for implementing OpenID?

@epriestley I've pinged you via pm about prioritization.

For reference, even though this isn't right. I figured I'd put my notes here for someone else to find and help me out:

location / {
    client_max_body_size 32M;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_set_header        X-Frame-Options DENY;
    proxy_set_header        X-XSS-Protection "1; mode=block";
    proxy_set_header        Referrer-Policy no-referrer-when-downgrade;

@jefferai how did you overwrite the headers? I'm encountering this exact same issue.

I'm thinking that the "faking" suggestion from above is likely the best situation given user mistake of using an initial name that is undesirable at a later date. I had wrongly thought that the remarkup was "internal form" already, which was a poor assumption.

I believe I understand now, however then I have one inquiry. Would there be a way to keep some sort of reference between the old username and new one, so if someone clicked/hovered on that mention the lookup would have some context for a rename that occured in the past. Would have to keep a chain then because people might rename more than once.

I didn't anticipate that, conpherence entries would be.... a lot of stuff to slog through.

I've interpreted the text as renaming a user will break references to objects the user has authored/interacted with. As in, a single transaction occurs and user who is named A is now named B, however all objects that were authored/interacted with will still have a reference to user A, which now no longer exists.

We would be prepared to step in for prioritization on this.

Awesome response, also fair that this won't be primary functionality. I feel our case is extremely edge due to poor environmental composition, which phabricator shouldn't be attempting to solve for us.

Might not be a strong use case, but we stumbled on this while talking internally about it. In our environment we've got many developers using phabricator, and an external 'manager' that basically just wants to see activity, but none of the developers want that manger to have direct interaction with their objects.

@hach-que can you disable php-apcu from the phabricator install, or do you mean to comment it out in the php/php-fpm config?

Can confirm this on another instance with the same package versions as what is reported in original post (Arch).

So, as a conensus... for php7 installs people are just disabling apc/apcu?

@valentinul can you please let me know what exactly you modified in your php.ini?

I changed the unit file to this:

It wasn't too much of a hunt, but I did go easy mode towards the end (audit2allow). For others he is my basic install notes on Fedora 23 server:

I'm using this unit file, which works when I manually start it or restart it. However, if I do a cold boot of the system the unit fails and I have to ssh in and manually restart it.

Correct... I'll dive into that. Although it doesn't look like its a quick/simple config change. I'll report back when I have it running.

I'd like to not have the users drop back to other means like hangouts. I was happy to wind down the rocket instance, but I might have to bring it back if there are situations arising where real-time coms are required.

Migrated over from rocket.chat (to pick up all the other awesome things within phabricator) and this is one of the first 'issues' I'm seeing with users. Almost everyone is connecting from Fedora 23 boxes with the latex Firefox release (44). It currently feels like you have to _send_ a message to get the updates in the chat room.

@rftfaria Did you just disable selinux... or did you work through it?

Anyone ever systematically worked through this? it's quite a tangled mess.

Thanks for this, just got caught by it myself.

just got an instance set up and ran into this, adding my voice to say issue is obnoxious.