how to lock an account in ud-ldap

Introduction

Per Section 3 of the https://www.debian.org/doc/manuals/developers-reference/ relating to https://www.debian.org/doc/manuals/developers-reference/developer-duties.html, a user is required to submit an RT ticket when retiring from Debian.

Initially, the RT ticket will be assigned to a Debian Keyring Maintainer (DKM). The DKM will remove the user's GPG key from Debian's Keyring.

Subsequently, the RT ticket will be assigned to a Debian System Administrator (DSA) so that Debian's LDAP may be updated.

This HOWTO documents DSA's actions relating to such tickets.

Procedure

Step 1: On the LDAP master (draghi.debian.org), execute ud-lock, specifying the RT ticket number and the username.

For emeritus developers:

	you@home~$ ssh you@draghi.debian.org
	you@draghi~$ ud-lock -r <rt#> <username>

For MIA or otherwise inactive developers:

	you@home~$ ssh you@draghi.debian.org
	you@draghi~$ ud-lock -r <rt#> -s inactive <username>

Step 2: Resolve the RT ticket.

Note that ud-ldap may remove the user's SSH key from systems after the account has been locked, leading to samhain notifications relating to /var/lib/misc/userkeys on affected hosts.