Page MenuHomePhabricator

Remove user "albe" from the wmde LDAP group
Closed, ResolvedPublic

Description

The person using the account is no longer doing engineering tasks on WMF infrastructure, neither is supposed to have write access to WMDE's repositories on Gerrit, hence please remove this user from wmde group.
I have removed the user from all ldap groups related to wikitech/horizon projects. "wmde" seems to be generally the only group remaining (not sure about the "nda" group actually, please advise if you know something about it), according to: https://tools.wmflabs.org/ldap/user/albe

I am Aleksey's line manager at WMDE (which can be verified at https://www.wikimedia.de/wiki/Mitarbeitende).

Hopefully that is enough information need to handle the action requested.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 5 2018, 12:58 PM
Krenair added a subscriber: Krenair.EditedSep 5 2018, 2:56 PM

nda is a highly privileged group according to https://wikitech.wikimedia.org/wiki/LDAP/Groups - not as much as most of the other ones on there, but still.

Change 458207 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: remove albe from ldap_admins, add to absent group

https://gerrit.wikimedia.org/r/458207

can be verified at https://www.wikimedia.de/wiki/Mitarbeitende

Thank you. I did that. Verified.

Note to other people handling access requests: This requires both a Gerrit change (user must be moved to special absent group in admins module) and manual action on an LDAP client. (modify-ldap-group).

Regarding the "nda" group, this does allow login on several web UIs, such as Icinga and is only done after legal confirms there is a NDA on file. So we may also have to tell @RStallman-legalteam about revoking it when removing somebody.

Change 458207 merged by Dzahn:
[operations/puppet@production] admins: remove albe from ldap_admins, add to absent group

https://gerrit.wikimedia.org/r/458207

Mentioned in SAL (#wikimedia-operations) [2018-09-05T16:31:24Z] <mutante> LDAP: removed user 'albe' from groups 'wmde' and 'nda' (T203561)

Done. Keeping the ticket open to check whether the NDA group removal needs a process with legal or not.

Thanks for removing from 'nda' LDAP group. Thanks in advanced to @RStallman-legalteam for taking any further actions that are required (if there any).

Ottomata closed this task as Resolved.Sep 7 2018, 5:30 PM
Ottomata assigned this task to Dzahn.
Ottomata triaged this task as Normal priority.
Ottomata added a subscriber: Ottomata.

Looks like we can resolve, thanks.

Dzahn reopened this task as Open.Sep 7 2018, 5:39 PM

Not yet please, per "Keeping the ticket open to check whether the NDA group removal needs a process with legal or not." and meanwhile i know it does.. Rachel needs to follow-up on NDA removal.

Thanks and sorry for my delay. I have noted this on the shared spreadsheet and updated the NDA contract record with this info.

Dzahn closed this task as Resolved.Sep 7 2018, 5:55 PM

cool, thanks Rachel. re-closing it then :)