Add Clara Andrew-Wani to wmf ldap group
Closed, Resolved, Public

Description

As an engineer on the Core Platform Team, @Clarakosi should be in the wmf ldap group, granting her CR+2 on gerrit for core and extensions.

Event Timeline

daniel created this task. Fri, Aug 9, 2:33 PM
Restricted Application added a subscriber: Aklapper. Fri, Aug 9, 2:33 PM
Aklapper renamed this task from Clara Clara Andrew-Wani missing from wmf ldap group. to Add Clara Andrew-Wani to wmf ldap group. Mon, Aug 12, 4:55 PM

It looks like @Clarakosi isn't even listed on admin/data/data.yaml on puppet so I guess she should be added there first, then add LDAP groups as required. From ldapsearch, it looks like Clara's shell is clarakosi.

> It looks like @Clarakosi isn't even listed on admin/data/data.yaml on puppet so I guess she should be added there first, then add LDAP groups as required. From ldapsearch, it looks like Clara's shell is clarakosi.

Any idea how this happened? At what point of the onboarding should she have been added?

CDanis added a subscriber: CDanis. Tue, Aug 13, 8:16 PM

> It looks like @Clarakosi isn't even listed on admin/data/data.yaml on puppet so I guess she should be added there first, then add LDAP groups as required. From ldapsearch, it looks like Clara's shell is clarakosi.
>
> Any idea how this happened? At what point of the onboarding should she have been added?

It should have been done by SRE as part of any initial LDAP group request.

However, SRE doesn't get notifications about new employees in any way except these tickets; filing an access request ticket is a pretty standard thing to have in SRE's own team onboarding ticket templates. I do not know if there is any standard across teams, or re-use of templates, etc.

Anyway, I will do the needful tomorrow.

I think @jbond created some templates on Wikitech to onboard people, and there's an onboarding script as well. I don't know if that procedure is intended for this kind of access requests or for elevated permissions.

I think so as well @MarcoAurelio, but I can't find them right now, and judging by other recent access request / onboarding tickets, that information doesn't seem to have been widely disseminated throughout the WMF.

Also, the templates involved here should really be a Phabricator form. Making new hires type freeform text asking for access to systems they've only just heard of seems suboptimal for everyone involved :)

Change 530221 had a related patch set uploaded (by CDanis; owner: CDanis):
[operations/puppet@production] admin: add clarakosi to ldap_only_users

https://gerrit.wikimedia.org/r/530221

Change 530221 merged by CDanis:
[operations/puppet@production] admin: add clarakosi to ldap_only_users

https://gerrit.wikimedia.org/r/530221

CDanis closed this task as Resolved. Wed, Aug 14, 9:26 PM
CDanis claimed this task.

> I think so as well @MarcoAurelio, but I can't find them right now, and judging by other recent access request / onboarding tickets, that information doesn't seem to have been widely disseminated throughout the WMF.
>
> Also, the templates involved here should really be a Phabricator form. Making new hires type freeform text asking for access to systems they've only just heard of seems suboptimal for everyone involved :)

What I've found was https://wikitech.wikimedia.org/wiki/Ops_Onboarding, but it looks, indeed, like it is for Ops and people with Prod shell access.

Thank you all!

I'm still unclear on how this is supposed to work in the future, though. The hiring manager files a ticket like this one? Is that the workflow?

@daniel I think maybe @RobH could advise. Also, I assume Clara did sign all the paperwork (NDAs, etc.) before adding her to the LDAP groups, right?

When I started, I believe someone from OIT created an office wiki page based off a standard template. There is also an Ops-specific page which I think is referenced in the first wiki.

> @daniel I think maybe @RobH could advise. Also, I assume Clara did sign all the paperwork (NDAs, etc.) before adding her to the LDAP groups, right?

I assume all staff does when they are hired?