Give me permissions in LDAP [Please don't use this anymore]
Closed, Resolved (Public)

Description

This is a parent task, and an ongoing process to add people to the wmf group so they can access analytics tools such as pivot, piwik, or other things that are only available internally behind LDAP authentication.

Process
Before requesting access here, please make sure you:

  • have a functioning wikitech login
  • are an employee or contractor with wmf OR have signed an NDA

Depending on the above, you can request to be added to the wmf group or the nda group (this may change as a result of T129786). You can do so by:

  • comment on this task, stating which group you think you should be in (wmf or nda) and that you'd like access
  • include your username on wikitech
  • one of us will create a subtask to grant you access
  • if we don't get back to you within a business day or so, ping us on IRC or email

Once you're added to the group, you'll be able to access pivot, piwik, etc, and we'll be maintaining documentation about that on https://wikitech.wikimedia.org/wiki/Analytics

Also please check https://wikitech.wikimedia.org/wiki/LDAP_Groups

Event Timeline

Can you please add me to the WMF group? I need it to see some stuff on piwik. My wikitech username is wubwubwub. (It wouldn't let me create an account with spaces in it, iirc. I can switch to Abittaker (WMF) if that would be easier for y'all.)

May I be added to the WMF group? I tried to access https://pivot.wikimedia.org/ with my Wikitech credential but it did not work... My wikitech user name is Hjiang. Thanks a lot and I will really appreciate your help!

@HJiang-WMF I checked your username as part of T149187, you are in the wmf ldap group as far as I can see, so you should be able to log in to Pivot. Have you tried recently to access pivot?

Anyhow, please follow up with me directly so we'll sort out the issue!

As per https://phabricator.wikimedia.org/T149187#2744709, I verified that wubwubwub is a valid account with email belonging to Amanda. I added the user to `wmf` as requested.

@Abit - You should be able to pass the first authentication barrier for Piwik now. Please note that you'll require another user for Piwik, but I haven't done it before so we'll need @Milimetric's assistance :)

elukey triaged this task as Medium priority. Nov 18 2016, 8:37 AM

@elukey I tried to access pivot with my Wikitech credential, and now it finally worked. Thanks for pointing me in the right direction! Much appreciated.

Commenting on behalf of @Tnegrin. Toby needs access to Pivot, so please add him to wmf LDAP. His wikitech username is: tnegrin. Thank you!!

Howdy, can I be added to the wmf LDAP group? Wikitech username is Spatton. I'm a member of the online fundraising team. Thank you.

Editing this to also include the same access request for other members of the online fundraising (banner) team. Here are their usernames:

JRobell
Mhernandez
Pcoombe

attn @Pcoombe, @jrobell, @MeganHernandez_WMF

@spatton: could you also specify whether each user is a WMF employee or a contractor that has signed the NDA? This will help add them to the right LDAP group.

Absolutely @Milimetric - everyone listed above is a WMF employee. Thanks!

omg -- it works and it's wonderful. Thanks all!

@Pcoombe, @jrobell, @MeganHernandez_WMF and @spatton you should all now be able to log in to https://pivot.wikimedia.org

Please read the following wiki page: https://wikitech.wikimedia.org/wiki/LDAP_Groups (section wmf grants access to)

In the above wiki page you'll see how many things other than pivot you can now access since you are now part of the wmf LDAP group. Don't want to scare you but please remember that with great power comes great responsibility :)
Please read the page and let me know if there is any doubt or follow up. It is always better to be aware of what your account is allowed to do in our infrastructure :)

Thanks!

Thanks @elukey, it's working for me. This is great!

Hello! I am a WMF employee and would like to request access to pivot. My Wikitech username is melodykramer

Please let me know if you have any questions! mkramer@wikimedia.org or here!

@MelodyKramer Hello! Just added you to the wmf group, you should be now able to access https://pivot.wikimedia.org.

Please read this follow up to know exactly what new permissions you got. This access grants a lot of freedom to explore a lot of critical data for the WMF (not only pivot) so better to be aware of it :)

Let me know if it works!

Thanks @elukey - appreciate it! I'll let you know if I run into any trouble! Have a great day!

Hey! Could I request access to pivot for the following account:

Seddon (https://wikitech.wikimedia.org/wiki/User:Seddon)

Confirming I am a WMF employee.

@Jseddon done! Please review this to make sure that you are aware of what the new permissions grant to your account :)

Thanks much, @elukey and @Milimetric. I have two additional permissions requests for our fundraising analytics consultants. Could you please add them to the wmf LDAP group, and let me know if there's any additional verification of employment I should provide? You can find their contact details listed at the bottom of the Collab Fundraising Contact list (last names Pany and Samra).

Usernames:
Mpany
Jksamra

CC @jrobell

@spatton: The "wmf" LDAP group is limited to WMF staff. There's a separate "nda" LDAP group covering access to various web-based services. What in particular do you need to access?

Hi @elukey and @Milimetric - I'm still unable to sign in. I believe I am using the correct u and p. Would it be possible to screenshare or evaluate with one of you?

@MoritzMuehlenhoff, right now we're just looking to get these two users Pivot access, so the NDA group would be just fine.

That groups page describes: wmf - for WMF staff/contractors, which is why I specified WMF. Thanks much for the help.

@spatton: this is an example of a task that I opened for the WMDE folks that needed access - https://phabricator.wikimedia.org/T148832 - we'll probably need to do it again for your last access request.

Melody is able to access now, just followed up on Hangouts.

I followed up with Sam via chat, we are following up with Legal to verify NDA compatibility with this request before proceeding any further.

Thank you @elukey. I started an email thread with you and James at legal who has been handling the contracts with CPS for us.

Hello. I would like access to pivot, so I need LDAP permissions. I should be in group wmf

I am a product manager at the WMF: https://meta.wikimedia.org/wiki/User:TBolliger_(WMF)

My wikitech username is: https://wikitech.wikimedia.org/wiki/User:Tbolliger

Thank you!

Thank you @MoritzMuehlenhoff — I can confirm I now have the access I need.

@Mpany and @Jksamra should be able to login to Pivot now (https://pivot.wikimedia.org).

As I have written before, please check what the nda LDAP group grants you access to in https://wikitech.wikimedia.org/wiki/LDAP_Groups :)

Let me know if you have any issue!

As far as I can see nobody else has a pending access request, please let me know otherwise.

Further requests will need to be a clone of this task, please open one for each interested username. Feel free to ping me directly on IRC or hangouts if you have any doubts.

It was nice as a super easy to find quick link to send people when they needed access. What do you all prefer instead? A quick sub-page of Data_access?

@Milimetric: When new people should be added to the privileged LDAP groups ("wmf" for WMF staff or "nda" for volunteers/researchers/external contractors), please open a Phab ticket and add the Ops-Access-Requests project. This way it gets picked up by the Ops person on Ops Clinic Duty for quick processing.

Could we just change the phrasing of this task to say that? So the description would be:

To use Pivot, Piwik, and other Analytics tools that require an LDAP login, please do the following:

Process

  • have a functioning wikitech login
  • are an employee or contractor with wmf OR have signed an NDA
  • create a sub-task of this task, tag it Ops-Access-Requests
  • in that task, ask to be added to:
    • nda LDAP group if you're a volunteer/researcher/external contractor
    • wmf LDAP group if you're WMF staff

Hi - I am requesting access to pivot by being added to the wmf group (I am the product manager for the reading-web team - https://meta.wikimedia.org/wiki/User:OVasileva_(WMF))
My wikitech username is Ovasileva

elukey renamed this task from Ongoing: Give me permissions in LDAP to Give me permissions in LDAP [Please don't use this anymore]. Mar 16 2017, 4:49 PM

Changed the Task title and the Analytics docs, from now on please open a task like https://phabricator.wikimedia.org/T160662, this task is not valid anymore :)