how to add an account to ud-ldap

Introduction

A Debian Account Manager (DAM) will submit an RT ticket to ask that an account be created for a new member of the Debian Project.

Initially, the RT ticket will be assigned to a Debian Keyring Maintainer (DKM) so that Debian's Keyring may be updated with the user's GPG key.

Subsequently, the RT ticket will be assigned to a Debian System Administrator (DSA) so that Debian's LDAP may be updated.

This HOWTO documents DSA's actions relating to such tickets.

The RT ticket will contain the following details in a GPG-signed message:

Procedure for New Accounts

Step 1: Download the GPG-signed message from RT and verify the signature. Ensure that the message has been signed by a DAM (for a list of DAMs, see https://wiki.debian.org/DAManager or https://www.debian.org/intro/organization).

Step 2: Create an entry in LDAP by executing ud-useradd on draghi.

	you@home~$ ssh db.debian.org
	you@draghi~$ ud-useradd

You will be prompted to enter the fingerprint; the preferred account name; the first, middle and last names; and the forwarding address. Some of these values will be extracted from the GPG key, if available.

Use the @debian.org for the debian-private subscription.

Accept the randomly generated password.

Step 3: Confirm account creation.

Step 4: Resolve the RT ticket. Enter the 'final information collected' emitted by ud-adduser as the message of the resolution action. Carbon copy the forwarding address and da-manager@debian.org.

Step 5: Add a welcome message for the account name to the #debian-devel topic on IRC.

Procedure for Upgrading Guest Accounts

Step 1: same as above

Step 2: Remove the GPG key from guest-keyring.

	you@home~$ sudo apt-get install jetring
	you@home~$ git clone ssh://db.debian.org/git/guest-keyring.git
	you@home~$ cd guest-keyring
	you@home~$ ./del-key <fingerprint>
	you@home~$ git status
	you@home~$ git add debian-guest/delete-<fingerprint substring>
	you@home~$ git commit -a

Step 3: Modify the LDAP entry.

	you@draghi~$ ud-guest-upgrade <account>
	you@draghi~$ ldapmodify -ZZ -x -D uid=$USER,ou=users,dc=debian,dc=org -W -h db.debian.org
                     <paste the ud-guest-upgrade output> ldapvi -ZZ -D uid=<you>,ou=users,ou=debian,ou=org

Step 4: Email welcome-message-Debian to the user, substituting parameters.

Step 5: Resolve the RT ticket. Carbon copy the forwarding address and da-manager@debian.org.