Page MenuHomePhabricator

LDAP access request - add Christian Aistleitner to "nda" (or "wmf")
Closed, ResolvedPublic


Christian "@QChris" Aistleitner will be working on the Gerrit upgrade (T200739) as a contractor.

For this he should be able to see Icinga alerts related to it and also schedule downtimes/ACK/etc.

I have created an Icinga contact for him and added him to the existing contactgroup for gerrit. 596624. This means he will have permissions to run commands on these services/hosts related to Gerrit, but not on other ones. (It is _not_ the global override in cgi.cfg, just regular contact privileges for specific services).

What is missing now though is that he is able to get past the login we added in front of Icinga which needs one of the LDAP groups "ops" or "wmf" or "nda".

This request is to add him to the appropriate one. Since "nda" is for volunteers and "wmf" is for employees I am never quite sure which one to use for contractors. Either one will work fine to resolve this ticket.

So we should go through the usual steps to get him on file with an NDA and then add him to the group.

Please note he already has existing shell access with root on the Gerrit servers and therefore a change in puppet is not needed.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Dzahn triaged this task as Medium priority.May 15 2020, 11:01 AM
Dzahn updated the task description. (Show Details)

@KFrancis Could you please contact @QChris to start the NDA process? Or confirm if one already exists (maybe from the past)? Thanks!

@QChris Katie will need some details from you. Sorry if this already happened. The background here is to get you Icinga access as we have talked about.

@Dzahn, @QChris has an existing NDA on file. Thanks!

Thanks @KFrancis

@QChris I added you to the nda group. You should now be able to login to Icinga.

Thanks. Works like a cham now!