LDAP access for group 'nda' for knissen
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	kai.nissen
	Jun 16 2017, 10:56 AM

Description

I would like to request access to the LDAP group nda to get access to pivot. I'm working in WMDE's fundraising-tech team and want to access banner impression data.

I signed the NDA and have a wikitech account (that is linked to my mediawiki.org account and to this phabricator account).

LDAP user: knissen
cn: Kai Nissen (WMDE)
mail: kai.nissen

Requirements to be met

- @kai.nissen signs NDA with WMF Legal (Not an NDA on phabricator.)
- NDA is confirmed by WMF Legal. (@RobH checked and @kai.nissen is NOT listed on the NDA google sheet as of 2017-08-30)
- user must be listed in operations/puppet:modules/admin/data.data.yaml file. (user isn't listed, will need to be added to the ldap users section at the bottom, including the expiry date of any NDA and a notification to whoever is the WMF contact point for WMF NDA with WMDE.

Details

	Subject	Repo	Branch	Lines +/-
	admins: add Kai Nissen (knissen) to LDAP (nda) users	operations/puppet	production	+4 -0

Customize query in gerrit

Related Objects

Mentioned In: T358578: Add WMDE staff who have signed the NDA with the WMF to the WMF-NDA phabricator policy group
T241838: Requesting access to EventLogging data for knissen
T226431: User knissen can't access Superset

Event Timeline

kai.nissen created this task.Jun 16 2017, 10:56 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 16 2017, 10:56 AM

Framawiki renamed this task from LDAP access for group 'nda' to LDAP access for group 'nda' for kai.nissen.Jun 16 2017, 4:41 PM

Framawiki subscribed.

This seems to be stalled for some time now. Is there anything missing for my request?

I've reached out to WMF Legal and they don't seem to have an NDA on file for you. Can you please follow up with your manager / legal. Thanks!

In T168046#3432715, @demon wrote:

I've reached out to WMF Legal and they don't seem to have an NDA on file for you. Can you please follow up with your manager / legal. Thanks!

@kai.nissen: ping - Cannot see a signature in L2 ("Trusted Volunteer Access & Confidentiality Agreement") either. As you state that you "signed the NDA" could you clarify when / how?

Please note that all ldap requests must also have the user listed in the admins module in operations/puppet. Once a NDA is confirmed to be on file with WMF legal, we can add this person to the ldap users section of that module. I don't see @kai.nissen in that file now, so they'll have to be added. If the user is added to the ldap group without inclusion in the module, it will cause alerts for operations.

I've checked the NDA sheet that I have access to, and can confirm I don't see any entry for @kai.nissen on that sheet.

RobH moved this task from Backlog to NDA Pending on the LDAP-Access-Requests board.Aug 23 2017, 4:53 PM

FYI:
Also note, as far as I know, signing the L2 doesn't get you access to any LDAP flags. Those flags require an actual NDA on file with Legal, not a phabricator NDA.

We have this NDA on file for 11 WMDE folks already, so its not a new thing.

Assigning to @kai.nissen for the time being.
Please reset the assignee (via the Add Action... → Assign / Claim dropdown) once the previous comments have been covered.

RobH updated the task description. (Show Details)Aug 30 2017, 6:49 PM

RobH assigned this task to kai.nissen.Sep 1 2017, 4:45 PM

This request has now sat since July 12th pending feedback from @kai.nissen, regarding their getting an signed NDA on file with WMF legal.

I'm going to close this as declined for now. If the NDA is later signed, this can be reopened. I'm happy to check/confirm NDA status with Legal after Kai advises they've signed the NDA. (Someone in ops or legal must confirm NDA status on this task.)

Hello all,

@kai.nissen has signed an NDA which is now on file with legal and I've added his name to the shared spreadsheet.

cheers,
Rachel

RobH reopened this task as Open.Sep 8 2017, 4:35 PM

Does the NDA have an expiry date?

Dzahn renamed this task from LDAP access for group 'nda' for kai.nissen to LDAP access for group 'nda' for knissen.Sep 8 2017, 6:05 PM

Dzahn claimed this task.

Dzahn updated the task description. (Show Details)

The NDAs have no expiration date. WMDE staff don't have another agreement in place with an expiration date.

Change 376769 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add Kai Nissen (knissen) to LDAP (nda) users

https://gerrit.wikimedia.org/r/376769

gerritbot added a project: Patch-For-Review.Sep 8 2017, 6:12 PM

Change 376769 merged by Dzahn:
[operations/puppet@production] admins: add Kai Nissen (knissen) to LDAP (nda) users

https://gerrit.wikimedia.org/r/376769

After merging the change above, i went to terbium and added "knissen" to "nda" with "[terbium:~] $ sudo modify-ldap-group nda". Now:

[terbium:~] $ sudo ldaplist -l group nda | grep knissen
member: uid=knissen,ou=people,dc=wikimedia,dc=org

@kai.nissen Please try logging in on Pivot now. It should work with the wikitech user/pass. Cheers, Daniel

Dzahn closed this task as Resolved.Sep 8 2017, 7:18 PM

Dzahn updated the task description. (Show Details)