⚓ T309394 Rename LDAP/shell (Samtar)

IMPORTANT: You should read this entire section before starting!

(4) Rename account

IMPORTANT: We are working on the LDAP account samtar, and renaming it to theresnotime

NOTE: uid is lowercase (theresnotime). whereas cn / sn are cased as TheresNoTime

(4.1) Follow SRE/LDAP guide for account rename

Open SRE/LDAP/Renaming users & the recommended tabs
Get user LDAP information

$ ldapsearch -xLLL -P 3 -E pr=40000/noprompt -b "ou=people,dc=wikimedia,dc=org" 'uid=samtar'
dn: uid=samtar,ou=people,dc=wikimedia,dc=org
uid: samtar
cn: Samtar
sn: Samtar
loginShell: /bin/bash
homeDirectory: /home/samtar
uidNumber: 12744
gidNumber: 500
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ldapPublicKey
objectClass: shadowAccount
objectClass: posixAccount
objectClass: top
mail: starling-ctr@wikimedia.org
[...]

# pagedresults: cookie=

Check that the desired uid is not already taken (i.e. that the changes done in step 2.1 are live)

$ ldapsearch -xLLL -P 3 -E pr=40000/noprompt -b"dc=wikimedia,dc=org" 'uid=theresnotime'
# pagedresults: cookie=

Change uid via changetype:moddn (i.e. modrdn)

$ ldapmodify -v -H 'ldap://ldap-rw.eqiad.wikimedia.org:389' -D 'uid=novaadmin,ou=people,dc=wikimedia,dc=org' -W -
Enter bind password:
dn: uid=samtar,ou=people,dc=wikimedia,dc=org
changetype: moddn 
newrdn: uid=theresnotime
deleteoldrdn: 1

Check that the uid change worked

$ ldapsearch -xLLL -P 3 -E pr=40000/noprompt -b "ou=people,dc=wikimedia,dc=org" 'uid=theresnotime'
dn: uid=theresnotime,ou=people,dc=wikimedia,dc=org
[...]

Change cn and sn

$ ldapmodify -v -H 'ldap://ldap-rw.eqiad.wikimedia.org:389' -D 'uid=novaadmin,ou=people,dc=wikimedia,dc=org' -W -
Enter bind password:
dn: uid=theresnotime,ou=people,dc=wikimedia,dc=org
changetype: modify
replace: cn 
cn: TheresNoTime
- 
replace: sn 
sn: TheresNoTime
-

Check that the cn and sn changes worked

$ ldapsearch -xLLL -P 3 -E pr=40000/noprompt -b "ou=people,dc=wikimedia,dc=org" 'uid=theresnotime'
dn: uid=theresnotime,ou=people,dc=wikimedia,dc=org
[...]

(4.2) Rename Wikitech account

Rename the Wikitech account Samtar to TheresNoTime

(4.3) Phabricator/Gerrit/Etc.

Phabricator: Self-service re-auth

(4.3.1) Gerrit

We will need to run through this guide

Checkout gerrit user database

$ ssh [gerrit host]
user@gerrit:~ $ sudo su - gerrit2
gerrit2@gerrit:~ $ cd /srv/gerrit/All-Users
gerrit2@gerrit:~ $ git fetch origin refs/meta/external-ids:refs/meta/external-ids
gerrit2@gerrit:~ $ git checkout FETCH_HEAD

Run uid rename script

#!/bin/bash

set -euo pipefail

OLD_USERNAME="Samtar"
NEW_USERNAME="TheresNoTime"

OLD_SHASUM=$(printf "username:%s" "${OLD_USERNAME}" | shasum -a 1)
NEW_SHASUM=$(printf "username:%s" "${NEW_USERNAME}" | shasum -a 1)

OLD_FILE=$(printf '%s/%s\n' "${OLD_SHASUM:0:2}" "${OLD_SHASUM:2:38}")
NEW_FILE=$(printf '%s/%s\n' "${NEW_SHASUM:0:2}" "${NEW_SHASUM:2:38}")

git mv "$OLD_FILE" "$NEW_FILE"

# Change username to lowercase in new file
sed -i "s/username:${OLD_USERNAME}/username:${NEW_USERNAME}/" "$NEW_FILE"

Run cn rename script

#!/bin/bash

set -euo pipefail

OLD_USERNAME="Samtar"
NEW_USERNAME="TheresNoTime"

OLD_SHASUM=$(printf "gerrit:%s" "${OLD_USERNAME}" | shasum -a 1)
NEW_SHASUM=$(printf "gerrit:%s" "${NEW_USERNAME}" | shasum -a 1)

OLD_FILE=$(printf '%s/%s\n' "${OLD_SHASUM:0:2}" "${OLD_SHASUM:2:38}")
NEW_FILE=$(printf '%s/%s\n' "${NEW_SHASUM:0:2}" "${NEW_SHASUM:2:38}")

git mv "$OLD_FILE" "$NEW_FILE"

# Change username to lowercase in new file
sed -i "s/gerrit:${OLD_USERNAME}/gerrit:${NEW_USERNAME}/" "$NEW_FILE"

Commit the changes per the guide
Re-index Gerrit accounts (back on your local PC)

$ ssh -p 29418 gerrit.wikimedia.org -- gerrit index start accounts --force

(4.4) Shell account

Follow SRE/Clinic Duty/Access requests#Renaming shell users

Status	Assigned	Task
Open	None	T309390 [Tracking] Rename LDAP/shell account samtar to theresnotime
Open	None	T309391 Connect SUL [[User:TheresNoTime]] to Developer account TheresNoTime via Striker
Stalled	None	T309392 Rename doppelganger LDAP/shell (TheresNoTime)
Stalled	None	T309393 Confirm successful rename & sync of doppelganger
Stalled	None	T309394 Rename LDAP/shell (Samtar)

Rename LDAP/shell (Samtar)
Open, Stalled, Needs TriagePublic
Actions

Description

(4) Rename account

(4.1) Follow SRE/LDAP guide for account rename

(4.2) Rename Wikitech account

(4.3) Phabricator/Gerrit/Etc.

(4.3.1) Gerrit

(4.4) Shell account

Related Objects
Search...

Event Timeline

	TheresNoTime
	May 27 2022, 12:06 PM

Rename LDAP/shell (Samtar)Open, Stalled, Needs TriagePublicActions

Description

(4) Rename account

(4.1) Follow SRE/LDAP guide for account rename

(4.2) Rename Wikitech account

(4.3) Phabricator/Gerrit/Etc.

(4.3.1) Gerrit

(4.4) Shell account

Related ObjectsSearch...

Event Timeline

Rename LDAP/shell (Samtar)
Open, Stalled, Needs TriagePublic
Actions

Related Objects
Search...