Page MenuHomePhabricator

LDAP access for group 'nda' for knissen
Closed, ResolvedPublic

Description

I would like to request access to the LDAP group nda to get access to pivot. I'm working in WMDE's fundraising-tech team and want to access banner impression data.

I signed the NDA and have a wikitech account (that is linked to my mediawiki.org account and to this phabricator account).

LDAP user: knissen
cn: Kai Nissen (WMDE)
mail: kai.nissen

Requirements to be met

  • - @kai.nissen signs NDA with WMF Legal (Not an NDA on phabricator.)
  • - NDA is confirmed by WMF Legal. (@RobH checked and @kai.nissen is NOT listed on the NDA google sheet as of 2017-08-30)
  • - user must be listed in operations/puppet:modules/admin/data.data.yaml file. (user isn't listed, will need to be added to the ldap users section at the bottom, including the expiry date of any NDA and a notification to whoever is the WMF contact point for WMF NDA with WMDE.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 16 2017, 10:56 AM
Framawiki renamed this task from LDAP access for group 'nda' to LDAP access for group 'nda' for kai.nissen.Jun 16 2017, 4:41 PM
Framawiki added a subscriber: Framawiki.

This seems to be stalled for some time now. Is there anything missing for my request?

demon changed the task status from Open to Stalled.Jul 12 2017, 8:34 PM
demon added a subscriber: demon.

I've reached out to WMF Legal and they don't seem to have an NDA on file for you. Can you please follow up with your manager / legal. Thanks!

I've reached out to WMF Legal and they don't seem to have an NDA on file for you. Can you please follow up with your manager / legal. Thanks!

@kai.nissen: ping - Cannot see a signature in L2 ("Trusted Volunteer Access & Confidentiality Agreement") either. As you state that you "signed the NDA" could you clarify when / how?

RobH added a subscriber: RobH.Aug 23 2017, 4:49 PM

Please note that all ldap requests must also have the user listed in the admins module in operations/puppet. Once a NDA is confirmed to be on file with WMF legal, we can add this person to the ldap users section of that module. I don't see @kai.nissen in that file now, so they'll have to be added. If the user is added to the ldap group without inclusion in the module, it will cause alerts for operations.

I've checked the NDA sheet that I have access to, and can confirm I don't see any entry for @kai.nissen on that sheet.

RobH added a comment.Aug 23 2017, 10:08 PM

FYI:
Also note, as far as I know, signing the L2 doesn't get you access to any LDAP flags. Those flags require an actual NDA on file with Legal, not a phabricator NDA.

We have this NDA on file for 11 WMDE folks already, so its not a new thing.

Assigning to @kai.nissen for the time being.
Please reset the assignee (via the Add Action...Assign / Claim dropdown) once the previous comments have been covered.

RobH updated the task description. (Show Details)Aug 30 2017, 6:49 PM
RobH assigned this task to kai.nissen.Sep 1 2017, 4:45 PM
RobH closed this task as Declined.Sep 5 2017, 9:58 PM

This request has now sat since July 12th pending feedback from @kai.nissen, regarding their getting an signed NDA on file with WMF legal.

I'm going to close this as declined for now. If the NDA is later signed, this can be reopened. I'm happy to check/confirm NDA status with Legal after Kai advises they've signed the NDA. (Someone in ops or legal must confirm NDA status on this task.)

Hello all,

@kai.nissen has signed an NDA which is now on file with legal and I've added his name to the shared spreadsheet.

cheers,
Rachel

RobH reopened this task as Open.Sep 8 2017, 4:35 PM
Dzahn updated the task description. (Show Details)Sep 8 2017, 6:01 PM
Dzahn added a subscriber: Dzahn.

Does the NDA have an expiry date?

Dzahn renamed this task from LDAP access for group 'nda' for kai.nissen to LDAP access for group 'nda' for knissen.Sep 8 2017, 6:05 PM
Dzahn updated the task description. (Show Details)
Dzahn claimed this task.

The NDAs have no expiration date. WMDE staff don't have another agreement in place with an expiration date.

Change 376769 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add Kai Nissen (knissen) to LDAP (nda) users

https://gerrit.wikimedia.org/r/376769

Change 376769 merged by Dzahn:
[operations/puppet@production] admins: add Kai Nissen (knissen) to LDAP (nda) users

https://gerrit.wikimedia.org/r/376769

After merging the change above, i went to terbium and added "knissen" to "nda" with "[terbium:~] $ sudo modify-ldap-group nda". Now:

[terbium:~] $ sudo ldaplist -l group nda | grep knissen
member: uid=knissen,ou=people,dc=wikimedia,dc=org

@kai.nissen Please try logging in on Pivot now. It should work with the wikitech user/pass. Cheers, Daniel

Dzahn updated the task description. (Show Details)Sep 8 2017, 7:18 PM
Dzahn closed this task as Resolved.

Login works. Thanks a lot!