how to add an account to ud-ldap
A Debian Account Manager (DAM) will submit an RT ticket to ask that an account be created for a new member of the Debian Project.
Initially, the RT ticket will be assigned to a Debian Keyring Maintainer (DKM) so that Debian's Keyring may be updated with the user's GPG key.
Subsequently, the RT ticket will be assigned to a Debian System Administrator (DSA) so that Debian's LDAP may be updated.
This HOWTO documents DSA's actions relating to such tickets.
The RT ticket will contain the following details in a GPG-signed message:
- the user's account type ("uploading DD")
- the user's GPG key fingerprint
- the user's full name (first name, middle name, last name)
- the user's forwarding address
- the user's preferred account name
Procedure for New Accounts
Step 1: Download the GPG-signed message from RT and verify the signature. Ensure that the message has been signed by a DAM (for a list of DAMs, see https://wiki.debian.org/DAManager or https://www.debian.org/intro/organization).
Step 2: Create an entry in LDAP by executing ud-useradd on draghi.
you@home~$ ssh db.debian.org you@draghi~$ ud-useradd
You will be prompted to enter the fingerprint; the preferred account name; the first, middle and last names; and the forwarding address. Some of these values will be extracted from the GPG key, if available.
Use the @debian.org for the debian-private subscription.
Accept the randomly generated password.
Step 3: Confirm account creation.
Step 4: Resolve the RT ticket. Enter the 'final information collected' emitted by ud-adduser as the message of the resolution action. Carbon copy the forwarding address and email@example.com.
Step 5: Add a welcome message for the account name to the #debian-devel topic on IRC.
Procedure for Upgrading Guest Accounts
Step 1: same as above
Step 2: Remove the GPG key from guest-keyring.
you@home~$ sudo apt-get install jetring you@home~$ git clone ssh://db.debian.org/git/guest-keyring.git you@home~$ cd guest-keyring you@home~$ ./del-key <fingerprint> you@home~$ git status you@home~$ git add debian-guest/delete-<fingerprint substring> you@home~$ git commit -a
Step 3: Modify the LDAP entry.
you@draghi~$ ud-guest-upgrade <account> you@draghi~$ ldapmodify -ZZ -x -D uid=$USER,ou=users,dc=debian,dc=org -W -h db.debian.org <paste the ud-guest-upgrade output> ldapvi -ZZ -D uid=<you>,ou=users,ou=debian,ou=org
Step 4: Email welcome-message-Debian to the user, substituting parameters.
Step 5: Resolve the RT ticket. Carbon copy the forwarding address and firstname.lastname@example.org.