Page MenuHomePhabricator

Purge stale data from LDAP
Open, MediumPublic

Description

T138102 revealed that there is stale project membership data from the previous structure at (for example) cn=tools,ou=projects,dc=wikimedia,dc=org while only the information at cn=project-tools,ou=groups,dc=wikimedia,dc=org is now being kept updated. To avoid confusion, stale data that is no longer being updated should be purged.

NB: (AFAIUI) the entry cn=tools,ou=projects,dc=wikimedia,dc=org contains information "as itself", just the members attribute is stale and should be removed. So any actual data purging should be double-checked by another pair of eyes.

Related Objects

StatusSubtypeAssignedTask
OpenNone
OpenNone
DeclinedNone
ResolvedAndrew
ResolvedAndrew
ResolvedKrenair
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedRobH
Resolved Cmjohnson
Resolved Cmjohnson
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
DeclinedNone
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedKrenair

Event Timeline

I ran into this thing recently:

dn: dc=basic.puppet.node,ou=hosts,dc=wikimedia,dc=org
objectClass: domainrelatedobject
objectClass: dnsdomain
objectClass: domain
objectClass: puppetclient
objectClass: dcobject
objectClass: top
l: eqiad
associatedDomain: basic.puppet.node
dc: basic.puppet.node

Also T134025: LDAP contains two extra incorrect host entries with aRecord=10.68.17.118, one with aRecord=10.68.22.5, and one with aRecord=10.68.16.120 is relevant.

Per T141408 I think the project role entries are also outdated now