Page MenuHomePhabricator
Projects LDAP

LDAPTag
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

Recent Activity
View All

Tue, Sep 17

MoritzMuehlenhoff closed T201779: Have a check to prevent non-existent accounts from being added to LDAP groups as Resolved.

These days we have Bitu running on idm.wikimedia.org and we're in the process of moving access requests into it (early code has already landed). When this is all properly finished, the process of requesting access to an LDAP group, the approval by the service owner and the eventual addition to the group will all happen within idm.wikimedia.org for fixed, pre-defined groups. This solves the problem reported here, marking it as resolved even though we're not fully done yet.

Tue, Sep 17, 8:18 AM · Infrastructure-Foundations, User-MoritzMuehlenhoff, Security, LDAP, SRE

Sat, Sep 14

Bugreporter added a comment to T374700: Wikimedia Developer Account to Wikimedia Unified Login Requests.

Is https://wikitech.wikimedia.org/wiki/Wikitech:Rename_requests and this task really necessary? We already have ways to connect LDAP and SUL accounts with different names (in Bitu).

Sat, Sep 14, 5:57 PM · LDAP

Fri, Sep 13

Bugreporter added a project to T374700: Wikimedia Developer Account to Wikimedia Unified Login Requests: LDAP.
Fri, Sep 13, 12:41 PM · LDAP

Thu, Aug 29

Andrew lowered the priority of T373462: Horizon: use idm for 2fa validation instead of wikitech from High to Low.

We are probably skipping ahead to idp auth.

Thu, Aug 29, 2:46 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
Andrew claimed T373462: Horizon: use idm for 2fa validation instead of wikitech.
Thu, Aug 29, 2:45 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
Andrew triaged T373461: Striker: use idm for 2fa validation instead of wikitech as Low priority.

I'm not quite ready to close this as invalid but I'm dropping the priority since we are probably not doing it!

Thu, Aug 29, 2:45 PM · LDAP, cloud-services-team, wikitech.wikimedia.org

Tue, Aug 27

Andrew updated subscribers of T373461: Striker: use idm for 2fa validation instead of wikitech.

I'm definitely going in circles here, but @bd808 suggests that we just skip ahead to https://phabricator.wikimedia.org/T359554 and let striker run without 2fa until 2fa is enabled in CAS. That would at least stop me being confused about what the intermediate steps are in all this.

Tue, Aug 27, 5:15 PM · LDAP, cloud-services-team, wikitech.wikimedia.org
gerritbot added a comment to T373462: Horizon: use idm for 2fa validation instead of wikitech.

Change #1064481 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] openstack keystone: switch to idmtotp for 2fa

https://gerrit.wikimedia.org/r/1064481

Tue, Aug 27, 4:40 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
gerritbot added a project to T373462: Horizon: use idm for 2fa validation instead of wikitech: Patch-For-Review.
Tue, Aug 27, 4:40 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
gerritbot added a comment to T373462: Horizon: use idm for 2fa validation instead of wikitech.

Change #1064480 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] openstack keystone: add a new auth plugin to validate totp tokens against idm

https://gerrit.wikimedia.org/r/1064480

Tue, Aug 27, 4:40 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
Andrew added a comment to T373461: Striker: use idm for 2fa validation instead of wikitech.

Simon writes:

Tue, Aug 27, 4:38 PM · LDAP, cloud-services-team, wikitech.wikimedia.org
Andrew created T373462: Horizon: use idm for 2fa validation instead of wikitech.
Tue, Aug 27, 4:38 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
Andrew created T373461: Striker: use idm for 2fa validation instead of wikitech.
Tue, Aug 27, 4:36 PM · LDAP, cloud-services-team, wikitech.wikimedia.org
Andrew removed a subtask for T359551: Replace wikitech as source of two-factor auth protection for developer accounts: T359590: Use IDP for authentication in Horizon.
Tue, Aug 27, 4:34 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
Andrew removed a subtask for T359551: Replace wikitech as source of two-factor auth protection for developer accounts: T359554: Use IDP for authentication in Striker.
Tue, Aug 27, 4:33 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org

Aug 21 2024

gerritbot added a comment to T359551: Replace wikitech as source of two-factor auth protection for developer accounts.

Change #1064481 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] openstack keystone: switch to idmtotp for 2fa

https://gerrit.wikimedia.org/r/1064481

Aug 21 2024, 9:59 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
gerritbot added a project to T359551: Replace wikitech as source of two-factor auth protection for developer accounts: Patch-For-Review.
Aug 21 2024, 9:59 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
gerritbot added a comment to T359551: Replace wikitech as source of two-factor auth protection for developer accounts.

Change #1064480 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] openstack keystone: add a new auth plugin to validate totp tokens against idm

https://gerrit.wikimedia.org/r/1064480

Aug 21 2024, 9:59 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
joanna_borun placed T359551: Replace wikitech as source of two-factor auth protection for developer accounts up for grabs.
Aug 21 2024, 2:33 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
Andrew claimed T359551: Replace wikitech as source of two-factor auth protection for developer accounts.
Aug 21 2024, 2:33 PM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org

Aug 10 2024

taavi closed T214541: python3-ldap3 mixed versions and future traps as Resolved.

Boldly closing this a few years later :-)

Aug 10 2024, 10:09 AM · cloud-services-team, LDAP, Toolforge

Aug 5 2024

SLyngshede-WMF changed the status of T359820: Developer Account Blocking: Migrate the one-stop Developer (un)Blocking from Wikitech to Bitu, a subtask of T367287: Update Wikitech's LDAP credentials to be read-only, from Open to In Progress.
Aug 5 2024, 11:38 AM · Patch-For-Review, Infrastructure-Foundations, cloud-services-team, LDAP, wikitech.wikimedia.org

Jul 30 2024

jijiki removed a parent task for T359551: Replace wikitech as source of two-factor auth protection for developer accounts: T363125: sustainability of wikitech.wikimedia.org.
Jul 30 2024, 10:05 AM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org

Jul 29 2024

jijiki added a parent task for T367287: Update Wikitech's LDAP credentials to be read-only: T189531: All Wikimedia developer services should use single sign-on.
Jul 29 2024, 10:16 PM · Patch-For-Review, Infrastructure-Foundations, cloud-services-team, LDAP, wikitech.wikimedia.org

Jul 24 2024

joanna_borun triaged T306623: Remove obsolete LDAP schemas as Low priority.
Jul 24 2024, 2:26 PM · cloud-services-team, Technical-Debt, Cloud-VPS, LDAP

Jul 22 2024

GTrang closed T238893: Merge developer accounts for Riley Huntley as Invalid.

Merging Wikitech accounts is not technically possible.

Jul 22 2024, 2:40 PM · wikitech.wikimedia.org, LDAP
GTrang closed T279927: Rename LDAP account to "Chlod" as Declined.

Per the note at the top of https://wikitech.wikimedia.org/wiki/SRE/LDAP/Renaming_users, we no longer rename LDAP accounts.

Jul 22 2024, 2:38 PM · wikitech.wikimedia.org, LDAP
GTrang closed T260647: Rename account Zoranzoki21 to Kizule on Gerrit as Declined.

Per the note at the top of https://wikitech.wikimedia.org/wiki/SRE/LDAP/Renaming_users, we no longer rename LDAP accounts.

Jul 22 2024, 2:21 PM · Gerrit, wikitech.wikimedia.org, LDAP

Jul 10 2024

Maintenance_bot removed a project from T359551: Replace wikitech as source of two-factor auth protection for developer accounts: Patch-For-Review.
Jul 10 2024, 8:30 AM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
gerritbot added a comment to T359551: Replace wikitech as source of two-factor auth protection for developer accounts.

Change #1052085 merged by Slyngshede:

[operations/software/bitu@master] MediaWiki: Allow Bitu to be used as a 2FA proxy.

https://gerrit.wikimedia.org/r/1052085

Jul 10 2024, 8:03 AM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org

Jul 4 2024

gerritbot added a project to T359551: Replace wikitech as source of two-factor auth protection for developer accounts: Patch-For-Review.
Jul 4 2024, 11:17 AM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org
gerritbot added a comment to T359551: Replace wikitech as source of two-factor auth protection for developer accounts.

Change #1052085 had a related patch set uploaded (by Slyngshede; author: Slyngshede):

[operations/software/bitu@master] MediaWiki: Allow Bitu to be used as a 2FA proxy.

https://gerrit.wikimedia.org/r/1052085

Jul 4 2024, 11:17 AM · Patch-For-Review, LDAP, cloud-services-team, wikitech.wikimedia.org

Jun 27 2024

MoritzMuehlenhoff claimed T355663: Allocate more available UNIX UIDs for human users.

I'll take care of this when I'm back from sabbatical

Jun 27 2024, 9:08 AM · User-MoritzMuehlenhoff, Bitu, Infrastructure-Foundations, cloud-services-team, LDAP

Jun 26 2024

taavi removed a watcher for LDAP: taavi.
Jun 26 2024, 9:40 AM

Jun 25 2024

taavi placed T367287: Update Wikitech's LDAP credentials to be read-only up for grabs.
Jun 25 2024, 3:37 PM · Patch-For-Review, Infrastructure-Foundations, cloud-services-team, LDAP, wikitech.wikimedia.org
Maintenance_bot removed a project from T367490: Split out ldap management from mwmaint: Patch-For-Review.
Jun 25 2024, 1:31 PM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a comment to T367490: Split out ldap management from mwmaint.

Change #1049536 merged by Muehlenhoff:

[operations/puppet@production] offboard-user: New -H for ldapmodify

https://gerrit.wikimedia.org/r/1049536

Jun 25 2024, 12:49 PM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a project to T367490: Split out ldap management from mwmaint: Patch-For-Review.
Jun 25 2024, 12:38 PM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a comment to T367490: Split out ldap management from mwmaint.

Change #1049536 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] offboard-user: New -H for ldapmodify

https://gerrit.wikimedia.org/r/1049536

Jun 25 2024, 12:38 PM · LDAP, Infrastructure-Foundations, SRE

Jun 19 2024

taavi added a comment to T355663: Allocate more available UNIX UIDs for human users.

Currently the highest number in use is 47058. So that's 1081 accounts in the 148 days since I created this task, or about 7.3 accounts per day. Assuming a similar rate of growth we're looking at running out of numbers in about 400 days, which would be late July next calendar year.

Jun 19 2024, 11:22 AM · User-MoritzMuehlenhoff, Bitu, Infrastructure-Foundations, cloud-services-team, LDAP
Maintenance_bot removed a project from T367490: Split out ldap management from mwmaint: Patch-For-Review.
Jun 19 2024, 8:30 AM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a comment to T367490: Split out ldap management from mwmaint.

Change #1046596 merged by Muehlenhoff:

[operations/puppet@production] Drop ldap-admins access group from mwmaint hosts

https://gerrit.wikimedia.org/r/1046596

Jun 19 2024, 8:20 AM · LDAP, Infrastructure-Foundations, SRE
taavi closed T161553: Remove OpenStackManager from Wikitech, a subtask of T367287: Update Wikitech's LDAP credentials to be read-only, as Resolved.
Jun 19 2024, 5:54 AM · Patch-For-Review, Infrastructure-Foundations, cloud-services-team, LDAP, wikitech.wikimedia.org

Jun 17 2024

MoritzMuehlenhoff triaged T367287: Update Wikitech's LDAP credentials to be read-only as Medium priority.
Jun 17 2024, 2:06 PM · Patch-For-Review, Infrastructure-Foundations, cloud-services-team, LDAP, wikitech.wikimedia.org
MoritzMuehlenhoff closed T367490: Split out ldap management from mwmaint as Resolved.

The LDAP management parts have been split off to the new ldap-maint1001/ldap-maint2001 hosts.

Jun 17 2024, 8:50 AM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a comment to T367490: Split out ldap management from mwmaint.

Change #1046592 merged by Muehlenhoff:

[operations/puppet@production] Disable openldap::management timers on mwmaint hosts

https://gerrit.wikimedia.org/r/1046592

Jun 17 2024, 8:32 AM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a comment to T367490: Split out ldap management from mwmaint.

Change #1046594 merged by Muehlenhoff:

[operations/puppet@production] profile::openldap::management: Remove support for buster

https://gerrit.wikimedia.org/r/1046594

Jun 17 2024, 8:29 AM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a comment to T367490: Split out ldap management from mwmaint.

Change #1046596 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Drop ldap-admins access group from mwmaint hosts

https://gerrit.wikimedia.org/r/1046596

Jun 17 2024, 8:13 AM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a comment to T367490: Split out ldap management from mwmaint.

Change #1046594 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] profile::openldap::management: Remove support for buster

https://gerrit.wikimedia.org/r/1046594

Jun 17 2024, 8:10 AM · LDAP, Infrastructure-Foundations, SRE
gerritbot added a comment to T367490: Split out ldap management from mwmaint.

Change #1046592 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Disable openldap::management timers on mwmaint hosts

https://gerrit.wikimedia.org/r/1046592

Jun 17 2024, 7:58 AM · LDAP, Infrastructure-Foundations, SRE
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits