Page MenuHomePhabricator

LDAP access for group 'nda' for Tobias Schumann (WMDE)
Closed, ResolvedPublic

Description

I would like to request access to the LDAP group nda to get access to pivot. I'm working in WMDE's fundraising team and want to access banner impression data.

I already created a wikitech account (that is linked to my mediawiki.org account and to this phabricator account), but I still need to sign the nda.

WikiTech/LDAP user name: Tobias Schumann (WMDE)

Thanks for your help!

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 19 2018, 1:19 PM

@RStallman-legalteam Here's another NDA signing request from WMDE. Thank you!

@Tobias_Schumann_WMDE Please let Rachel (^) know your email address to invite you to signing the document.

Dzahn triaged this task as Normal priority.Apr 20 2018, 6:19 PM
herron added a subscriber: herron.

Tobias's NDA is fully signed and on file with legal. Thank you!

Hi @Tobias_Schumann_WMDE

re: WikiTech/LDAP user name: Tobias Schumann (WMDE)

I don't think this can be the Wikitech user name, i can't find any matching Wikitech user in Mediawiki nor with the command-line LDAP tools.

I'll try to search by email, or if you can double check what it shows when you are logged in on wikitech.wikimedia.org.

Thanks

Yea, i can't find the string "schumann" (from email address) anywhere in LDAP.

Note how it says "LDAP User unknown" on https://phabricator.wikimedia.org/p/Tobias_Schumann_WMDE/ and it's linked to Mediawiki.

Wikitech wiki isn't a SUL wiki, it uses the LDAP as backend.

Can you double-check you can login on wikitech and if not register on https://wikitech.wikimedia.org and pick a user name there?

Hi @Dzahn

I checked again and I could login. Maybe it's because with and without "_". I logged in with "Tobias Schumann WMDE" but according to my user page the user name actually is "Tobias_Schumann_WMDE" (see: https://wikitech.wikimedia.org/wiki/User:Tobias_Schumann_(WMDE)).

The unknown LDAP user on my Phabricator profile is kind of strange. According to my seetings on https://toolsadmin.wikimedia.org/ the LDAP account is linked to my phabricator account.

Kind reagrds

Hi @Peachey88 thanks for the hint! It wasn't, but now I created the link. I thought the linkage in LADP is enough. Thanks again.

@Dzahn The Wikitech account is now referred to on my Phabricator account.

I'm sorry, i still can't find any "Tobias" besides 2 other users in the entire LDAP. I see you linked the user but it also says "was created automatically " on https://wikitech.wikimedia.org/wiki/Special:Log/Tobias_Schumann_(WMDE) . I'm not sure but this seems to be the case when a SUL user is used to login on wikitech rather than creating a new wikitech user. hmm...

@Andrew helped me and was able to find your user name is "tschumann". That is the "uid" that i needed to add to the group. It looks like this:

cn: Tobias Schumann (WMDE)
sn: Tobias Schumann (WMDE)
uid: tschumann

You have been added to the group now. Things should work.

Dzahn closed this task as Resolved.Apr 25 2018, 4:04 PM
Tobias_Schumann_WMDE reopened this task as Open.Apr 26 2018, 2:32 PM

@Dzahn Sorry to open that again. I do not succeed to log in into Pivot. Could it be that this has something to do with the unclarities around my nickname?

"tschumann", "Tobias_Schumann_(WMDE)" nor "Tobias Schumann (WMDE)" worked, though. Do you have an idea?

Mentioned in SAL (#wikimedia-operations) [2018-04-26T15:18:37Z] <mutante> added LDAP user tschumann to "nda" group (T192549)

@Tobias_Schumann_WMDE

Please try again now. The issue was you had been added to the "wmde" group but not the "nda" group. My bad because we had several requests from other WMDE users that were about the "wmde" group only.

@Dzahn
Great, now it works! Thanks a lot!

Tobias_Schumann_WMDE closed this task as Resolved.Apr 26 2018, 6:32 PM
MoritzMuehlenhoff reopened this task as Open.Apr 27 2018, 12:22 PM

@Tobias_Schumann_WMDE

Please try again now. The issue was you had been added to the "wmde" group but not the "nda" group. My bad because we had several requests from other WMDE users that were about the "wmde" group only.

@Dzahn: When adding a user to cn=nda or cn=wmf which doesn't have production shell access, they need to be added to the ldap_only_users table in modules/admin/data/data.yaml, reopening the ticket.

Change 429458 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add Tobias Schumann to ldap_only admins

https://gerrit.wikimedia.org/r/429458

Change 429458 merged by Dzahn:
[operations/puppet@production] admins: add Tobias Schumann to ldap_only admins

https://gerrit.wikimedia.org/r/429458

Dzahn closed this task as Resolved.Apr 27 2018, 5:47 PM

@MoritzMuehlenhoff Oh.. of course yes, i forgot. Done!