how to add an account to ud-ldap

Introduction

A Debian Account Manager (DAM) or NM Front Desk member (FD) will submit an RT ticket to ask that an account be created for a new member of the Debian Project.

Initially, the RT ticket will be assigned to a Debian Keyring Maintainer (DKM) so that Debian's Keyring may be updated with the user's GPG key.

Subsequently, the RT ticket will be assigned to a Debian System Administrator (DSA) so that Debian's LDAP may be updated.

This HOWTO documents DSA's actions relating to such tickets.

The RT ticket will contain the following details in a GPG-signed message:

Procedure for New Accounts

Step 1: Download the GPG-signed message from RT and verify the signature. Ensure that the message has been signed by a DAM or FD (for a list of members, see https://www.debian.org/intro/organization).

Step 2: Create an entry in LDAP by executing ud-useradd on draghi.

	you@home~$ ssh db.debian.org
	you@draghi~$ ud-useradd

You will be prompted to enter the fingerprint; the preferred account name; the first, middle and last names; and the forwarding address. Some of these values will be extracted from the GPG key, if available.

Use the @debian.org for the debian-private subscription.

Accept the randomly generated password.

Step 3: Confirm account creation.

Step 4: Resolve the RT ticket. Enter the 'final information collected' emitted by ud-useradd as the message of the resolution action. Carbon copy the forwarding address and da-manager@debian.org.

Step 5: Add a welcome message for the account name to the #debian-devel topic on IRC.

Procedure for Moving an Account Between Uploading and Non-Uploading

These moves do not require any changes in LDAP, so the ticket can simply be resolved once it has been assigned to DSA.

Procedure for Upgrading Guest Accounts

Step 1: same as above

Step 2: Remove the GPG key from guest-keyring. Note that this step is not required if the user is currently a "Debian Maintainer with guest account", as their key is (or was) in the DM keyring, not the guest keyring.

	you@home~$ sudo apt-get install jetring
	you@home~$ git clone git@ubergit.debian.org:dsa/guest-keyring
	you@home~$ cd guest-keyring
	you@home~$ ./del-key <fingerprint>
	you@home~$ git status
	you@home~$ git add debian-guest/delete-<fingerprint substring>
	you@home~$ git commit -a
	you@home~$ git push

Step 3: Modify the LDAP entry.

	you@draghi~$ ud-guest-upgrade <account>
	you@draghi~$ ldapmodify -ZZ -x -D uid=$USER,ou=users,dc=debian,dc=org -W -h db.debian.org
                     <paste the ud-guest-upgrade output>

Step 4: Email welcome-message-Debian to the user, substituting parameters.

Step 5: Resolve the RT ticket. Carbon copy the forwarding address and da-manager@debian.org.

Step 6: Add a welcome message for the account name to the #debian-devel topic on IRC.