Page MenuHomePhabricator

LDAP Access to wmf user group for TAndic
Closed, ResolvedPublic


I would like to request access to the 'nda' LDAP group to be able to use Superset for my day to day work. I work as an Evaluation Strategist (-ctr) for Global Data & Insights within the Technology department (direct manager Jaime Anstee, JAnstee_WMF on phabricator).

  • The username of your existing account on TAndic
  • Do you currently have shell access (Yes/No)? No
  • Purpose (Specify which service you need to get access to, e.g. Icinga, Grafana, Superset etc): Superset, Turnilo
  • The specific LDAP group that you want to be added to (optional): wmf

For contractors only:

  • Contract end date: June 30, 2022
  • Contract contact person: @JAnstee_WMF (Jaime Anstee,

Event Timeline

Hi @TAndic, please see and the list there, plus please link any potential team docs to that page, for future requests. Thanks a lot! :)

Thanks, @Aklapper ! Should I file a new request through the task template linked or stick with this one?

If sticking with this one:

Username: TAndic
Shell access: No (would like, preferred username: tandic)
Purpose: Access to Superset, Turnilo
Group: wmf
Contract end date: June 30, 2022
Contract contact: JAnstee_WMF (Jaime Anstee,

My contract will likely be extended next year, should I reapply for access next fiscal year or can we flag my account as ongoing?

Side question: <- should our team consider this page as out of date or just irrelevant to WMF staff?

Thank you once more! :)

ema triaged this task as Medium priority.Aug 13 2021, 8:12 AM

Hi @TAndic!

Should I file a new request through the task template linked or stick with this one?

I've updated the task description to use the template.

Shell access: No (would like, preferred username: tandic)

There's another procedure to request shell access, please see

My contract will likely be extended next year, should I reapply for access next fiscal year or can we flag my account as ongoing?

I'm not sure about this yet, asking around!

Side question: <- should our team consider this page as out of date or just irrelevant to WMF staff?

Which part specifically?

Change 712919 had a related patch set uploaded (by Ema; author: Ema):

[operations/puppet@production] admin: Add tandic to ldap_only_users for 'wmf' group access

ema renamed this task from LDAP Access to nda user group for TAndic to LDAP Access to wmf user group for TAndic.Aug 13 2021, 8:49 AM

Side question: <- should our team consider this page as out of date or just irrelevant to WMF staff?

Which part specifically?

Oops, apologies for the lack of detail! The Requesting Access section (; this page is what I used to get to here but has less detailed instructions for filing a Phabricator task for LDAP access compared to the above-recommended Phabricator link (

Thank you for your help, @ema ! I'll be out on vacation next week so no urgency on this, and I will submit my shell access request when I'm back :)

I changed the link on that section. The rest of the requesting access doesn't seem off. It might need some more recent examples.

Perfect, thank you!

Would it be okay if I added a link directly to the Phabricator instructions ( for more details? It was very helpful for me, for example, as I got confused about whether I was supposed to ask for access to the nda or wmf group as a -ctr contractor and it has some clarifying links and instructions there.

Sorry to ask for so much clarification, I just don't want to misdirect people or change things I shouldn't be changing!

It's a wiki, I don't see why not :)

They're open for anyone to improve.

My contract will likely be extended next year, should I reapply for access next fiscal year or can we flag my account as ongoing?

I've asked. :)

The way this works is that the SRE team gets notified by an automated email when the contract expires. At that point we get in touch to figure out whether we need to renew or not. I have added the relevant details as suggested by @Dzahn (thanks!) to

Great! Thanks @ema and @Dzahn for the sleuthing & details and @RhinosF1 for the confidence push!

Change 712919 merged by Dzahn:

[operations/puppet@production] admin: Add tandic to ldap_only_users for 'wmf' group access

Mentioned in SAL (#wikimedia-operations) [2021-08-16T16:01:50Z] <mutante> LDAP - added user tandic to nda group (T288527)

approved by @JAnstee_WMF via mail

@TAndic You have been added to the nda group as requested. Feel free to try it out.

Dzahn claimed this task.

If there is an issue feel free to reopen the ticket.

We received automatic email telling us that " tandic is in nda group, but registered with a WMF account".

@TAndic I removed you from "nda" but added you to "wmf". This should make no practical difference for you though. All places I know have an "nda OR wmf" kind of logic or in doubt "wmf" gives you even more privileges.

If you notice any unexpected issues please let us know though.

