
Create "Neil Shah-Quinn (WMF)" developer account bypassing TitleBlacklist
Open, In Progress, Medium, Public

Details

Other Assignee
bd808

Event Timeline

Restricted Application added a subscriber: Aklapper.

Account password shared with @nshahquinn-wmf via direct message on the WMF Slack service. This was a necessary workaround for automated password sharing from the MediaWiki side being broken on wikitech.

I will wait until @nshahquinn-wmf verifies that the new account is working for them before locking the legacy https://wikitech.wikimedia.org/wiki/User:Neil_P._Quinn-WMF account.

@bd808 thank you very much for your help! 😊

I've got access to the new account but there are a few complications.

  • I actually requested nshahquinn-wmf as the shell name (the same as e.g. this Phab account) but the new account has neilshahquinn-wmf instead. I can definitely live with it, but I have a strong desire for nshahquinn-wmf so if it's feasible to fix I would appreciate that. But I know renaming developer accounts is basically impossible, and now my desired Wikitech username is taken so I can imagine there's no solution that doesn't involve a huge amount of work. If that's the case, I can just live with neilshahquinn-wmf.
  • As you noticed, I have production access currently tied to the old account which I need daily. I want to get that moved over to the new account, but that will take a week or so. Will locking the Wikitech account interfere with that? If not, I'm happy for you to lock it now but otherwise I'll let you know when the production access is transferred.

> • I actually requested nshahquinn-wmf as the shell name (the same as e.g. this Phab account) but the new account has neilshahquinn-wmf instead.

My fault, and in this case I think we can fix it. Things get complicated for shell name changes once the Developer account has been used to authenticate into a Cloud VPS project or Gerrit, but before that we should be able to twiddle the bits.

> • As you noticed, I have production access currently tied to the old account which I need daily. I want to get that moved over to the new account, but that will take a week or so. Will locking the Wikitech account interfere with that? If not, I'm happy for you to lock it now but otherwise I'll let you know when the production access is transferred.

Locking on Wikitech will not affect production access managed by ops/puppet. It will however affect any authentication attempts via idp.wikimedia.org or direct LDAP queries (logstash, some Analytics tools, etc). It will also lock any Gerrit and Phabricator accounts connected to the Developer account. We don't need to rush to lock the legacy account immediately. You can work through the needed production changes first.

T337484.ldif
dn: uid=neilshahquinn-wmf,ou=people,dc=wikimedia,dc=org
changetype: modify
replace: homeDirectory
homeDirectory: /home/nshahquinn-wmf

dn: uid=neilshahquinn-wmf,ou=people,dc=wikimedia,dc=org
changetype: moddn
newrdn: uid=nshahquinn-wmf
deleteoldrdn: 1

$ ./modify.sh T337484.ldif
ldap_initialize( ldap://ldap-rw.eqiad.wikimedia.org:389/??base )
replace homeDirectory:
        /home/nshahquinn-wmf
modifying entry "uid=neilshahquinn-wmf,ou=people,dc=wikimedia,dc=org"
modify complete

modifying rdn of entry "uid=neilshahquinn-wmf,ou=people,dc=wikimedia,dc=org"
        new RDN: "uid=nshahquinn-wmf" (do not keep existing values)
rename complete
$ ldap uid=nshahquinn-wmf cn
dn: uid=nshahquinn-wmf,ou=people,dc=wikimedia,dc=org
cn: Neil Shah-Quinn (WMF)

# pagedresults: cookie=
$ ldap uid=neilshahquinn-wmf cn
# pagedresults: cookie=

bd808 triaged this task as Medium priority.
bd808 updated Other Assignee, added: bd808.

@nshahquinn-wmf I'm going to assign this task to you while you work on getting the various production things changed. Please assign back to me when you are ready to have your legacy Developer account locked. I will set a reminder for myself to check in with you if I haven't heard back in a couple of weeks.

> My fault, and in this case I think we can fix it. Things get complicated for shell name changes once the Developer account has been used to authenticate into a Cloud VPS project or Gerrit, but before that we should be able to twiddle the bits.

Okay, perfect! Thank you so much.

> Locking on Wikitech will not affect production access managed by ops/puppet. It will however affect any authentication attempts via idp.wikimedia.org or direct LDAP queries (logstash, some Analytics tools, etc). It will also lock any Gerrit and Phabricator accounts connected to the Developer account. We don't need to rush to lock the legacy account immediately. You can work through the needed production changes first.

Sounds good! I will work on all that and assign this task back to you once it's done.