Page MenuHomePhabricator

Add Daisy Chen to the wmf LDAP group
Closed, ResolvedPublic

Description

I'm working with @dchen (Wikitech username Dchen, production shell username daisy) to do some analysis using SWAP. This requires LDAP access to log in, so she needs to added to the wmf group (I believe).

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 25 2018, 7:23 PM
nshahquinn-wmf added a subscriber: Ottomata.EditedJul 25 2018, 7:25 PM

@Ottomata, can you confirm which LDAP groups provide SWAP access and document the answer on the SWAP page and LDAP/Groups page on Wikitech? Thank you!

@Neil_P._Quinn_WMF : In case you followed some documentation somewhere, please edit it to make it say that such tasks need to be filed under the LDAP-Access-Requests project tag - thanks!

@Neil_P._Quinn_WMF : In case you followed some documentation somewhere, please edit it to make it say that such tasks need to be filed under the LDAP-Access-Requests project tag - thanks!

Not the documentation—just me forgetting to actually do what I had planned to 😛

Thanks for fixing it!

Mentioned in SAL (#wikimedia-operations) [2018-07-25T23:05:06Z] <mutante> added dchen to LDAP group "wmf" (was already in admins as shell user, so didn't have to be added in puppet repo) (T200366)

Dzahn closed this task as Resolved.Jul 25 2018, 11:05 PM
Dzahn claimed this task.
Dzahn added a subscriber: Dzahn.

@Neil_P._Quinn_WMF @dchen This should be fixed now.

Dzahn added a comment.Jul 26 2018, 2:47 PM

Noticed today there are actually 2 separate users here using the same email address. (Because our automatic tools are warning about inconsistencies).

User "daisy" is an existing shell (ssh) user and user "dchen" also exists with a different UID and is the one you requested "wmf" membership for.

Can we clean that up and just use the existing "daisy" user? Were you aware you had 2 separate ones? I sent a mail to Daisy to ask about this.

Dzahn reopened this task as Open.Jul 26 2018, 2:47 PM

I edited the members of "wmf" one more time and replaced "dchen" with "daisy" to match the existing shell admin user in the admin module in puppet.

Noticed today there are actually 2 separate users here using the same email address. (Because our automatic tools are warning about inconsistencies).

User "daisy" is an existing shell (ssh) user and user "dchen" also exists with a different UID and is the one you requested "wmf" membership for.

Can we clean that up and just use the existing "daisy" user? Were you aware you had 2 separate ones? I sent a mail to Daisy to ask about this.

As far as I know, Daisy has two Wikitech accounts, one of which has shell access (Wikitech username Dchen, shell username daisy) and one which doesn't (Wikitech username DchenXXXX where the Xs are numbers I don't remember). Is that what you're talking about?

This request was for the first one, which is the one she actually uses. We can definitely remove the second one.

Dzahn added a comment.Jul 26 2018, 4:23 PM

There are 2 Wikitech / LDAP accounts, let me list all the relevant fields to make sure:

a) "daisy"
	uidNumber: 11669
        dn: uid=daisy,ou=people,dc=wikimedia,dc=org
        sn: Dchen
	cn: Dchen
        mail: dchen@wikimedia.org
b) "dchen"
	uidNumber: 14715
        dn: uid=dchen,ou=people,dc=wikimedia,dc=org
        sn: Dchen1586
	cn: Dchen1586
	mail: dchen@wikimedia.org

a) is the one that is _now_ in the wmf group (after my second edit) so that should mean: Yes, that is what i'm talking about and everything should be ok and resolved now :)

It should work then, let us know if there are any issues.

Cheers

Dzahn closed this task as Resolved.Jul 26 2018, 4:23 PM