May 18 2018
May 17 2018
I have a meeting with Lisa in recruiting for 1 pm Pacific on Monday, May
- I'll be doing the green house changes with her then. Can we coordinate
for this time or we can reschedule?
May 3 2018
I have verified we can make Organizational Units under people without affecting mail flow, so this good!
Apr 30 2018
Thanks for sending this along. This is a great help. I'm going to read over this, and see if I can make some sub OU's and see if mail still flows.
Apr 28 2018
Apr 23 2018
@Dzahn Can we try this again? We have made the Google and LDAP groups. I think we just have to wait for the "previous cache callout" to expire, then the mail will flow.
Feb 21 2018
Feb 16 2018
Let us know if the "secrets" worked.
Feb 14 2018
I set the email address to the Google Group email@example.com, which I am an Manager of. Who should be a member and receive emails here if they are sent?
Feb 13 2018
I have set this up and can send the secrets. Should I send via PGP or give you an usb in person, or something else? If I'm sending by PGP, can you email your fingerprint?
Feb 12 2018
Adding me to this ticket is fine.
Dec 22 2017
How about if we design a way where Office IT can create the groups that are needed in G-Suite without Ops having to make separate OUs? This way we (Office IT) could have more granular groups in G-Suite, without having to ask Ops for the OUs?
Jul 25 2017
Jun 20 2017
Jun 16 2017
Jun 7 2017
Could we also look at setting up a more restrictive DMARC record for our domain? Has it been considered before?
May 4 2017
I found a workaround to avert our security concerns, and use gmail smtp, because Neil did not need the "reply-to" address to be firstname.lastname@example.org. If the "reply-to" address was needed we would have had to place cn=qualtrics in ou=people, ou=corp, ou=wikimedia, ou=org instead of ou=qualtrics, ou=corp, ou=wikimedia, ou=org so the address would receive mail. The ou=qualtrics, ou=corp, ou=wikimedia, ou=org is not replicated in production LDAP and does not receive mail.
Apr 7 2017
The problem is somewhere in "Google Cloud Directory Sync", then. It appears as if moving a user to a different OU isn't reflected in the LDAP data generated by GCDS
I do not think this is the issue because GCDS does not generate LDAP data and it does not change our LDAP data. The GCDS just queries our LDAP server for users.
ldap1 is running Ubuntu 14.04.5 LTS. Google Cloud Directory Sync , to sync users from LDAP with G-Suite, is hosted on another server. We can not run ldap queries against G-suite, we have to use their Admin API . A standard search, on ldap1, that determines if a employee is with us or not could be run as follows:
Apr 4 2017
Mar 28 2017
I see the value in making a more generic ou address more use cases, but I would rather have an ou that more aligns more with their purpose. These persons will also have access to Google Calendar too. Also, I would like to account for a situation if we were to give these persons more access, for example, Google Drive.
Is it possible for us to modify the replication? We have an ou for ex-employees.
Mar 8 2017
Mar 6 2017
Jan 24 2017
@Dzahn Ricard has the laptop.
Thanks for the nudge @demon !!!
@Krenair Thanks, for the input. I updated ns2 to have those records too.
Jan 23 2017
I updated for these missing records.
Jan 20 2017
I looked at past backups and could not find reverse lookup records going back as far as September, 2013. I started with creating a reverse record for tan1.corp.wikimedia.org and have now added tan[2-4].
Jan 17 2017
With the decision to move to a a new Office, we will not be pursuing infrastructure changes such as this.
Jan 10 2017
Today around 12:00 AM PST our domain was suspended and if you attempted to use any of our google services you would have received an error. It was suspended because Google had "set up billing" for us and it expired today. They "Set Up Billing" for us because we wanted to explore moving to a G-Suite Unlimited plan and this was the only way they could send "terms and conditions". When I received notice at 10:08 PM PST I emailed our representative to make sure our account was not suspended and he assurede me it was not, and opened a support case. However, at 12:00 AM PST it was indeed suspended and services became inaccessible. I called G-suite support numbers but they were unavailable. I was able to fix our issue for now by setting up billing and moving the organization to an unlimited plan.
In the morning I plan on contacting Google, and finding out what happened and how this could have been prevented.
Jan 9 2017
@akosiaris Yes, I can take a look.
Nov 7 2016
Oct 28 2016
Migration to new file server with LDAP integration has been completed.
DNS points to new server and is working properly.
Made sure rsnapshot backups were working correctly for new server.
Sep 27 2016
Sep 26 2016
I made the change to corp LDAP. I have been able to add the wikimediaPerson objectClass and YubiKeyVPN attribute to myself. Can you check if LDAP is still syncing properly?
Sep 23 2016
Awesome. Thank you for the help @MoritzMuehlenhoff . I'll make the changes and let you know if there's any trouble.
Sep 20 2016
Updated Google Group to have members: dmenard and wolliff
Sure. Thanks for the bump.
Sep 19 2016
Update: The sync was getting stuck on person's whom had an yubikey ldap attribute. I added the attribute back, deleted the attribute from the people that had it, and then removed the attribute from the schema. Email is now flowing again to the new entries who were not receiving anything.
I added the yubikey attribute for two-factor -vpn.
Sep 16 2016
Sep 15 2016
Aug 18 2016
Aug 16 2016
Aug 8 2016
Apr 11 2016
Mar 16 2016
We can close this. This was a session with Grace on Phabricator.
Mar 15 2016
RSYNC configured to run at 4 AM every day.
Mar 9 2016
Board@wikimedia.org is a Google Group that sends to board members and wikimedia staff.
Mar 7 2016
Mar 4 2016
@Dzahn Thanks, I just need to make sure they were added to fr-tech
@Dzahn Who was in fr-tech-ops? I can not nest/inherit other groups in Google Groups.
@atgo Do we need fundraiser-2012 or fr-2012?
Mar 3 2016
Found problem to be ports for uplinks to ulsfo were in err-disable. These have been recovered (thanks cajoel), and the links are backup.
What I have found out so far:
Thanks Faidon. I'll troubleshoot, and let you know what I find.
Mar 2 2016
Feb 26 2016
Feb 25 2016