From a27c8b00ebf173659f22f53ce65679e94e7dfb1b Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 11:19:41 +0200 Subject: Adding upstream version 2022.12.24. Signed-off-by: Daniel Baumann --- cheatsheets/infrastructure/ldap.txt | 53 +++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 cheatsheets/infrastructure/ldap.txt (limited to 'cheatsheets/infrastructure/ldap.txt') diff --git a/cheatsheets/infrastructure/ldap.txt b/cheatsheets/infrastructure/ldap.txt new file mode 100644 index 0000000..c0b63ee --- /dev/null +++ b/cheatsheets/infrastructure/ldap.txt @@ -0,0 +1,53 @@ +We can now directly update LDAP records - That means that key updates +can now be handled directly by us. There are several tools that can be +used for this purpose - I'm using ud-info. For this, I have to use the +Debian password (and given I dislike passwords, I always regenerate it +by following http://db.debian.org/password.html and throwing it away). + +keyring-maint has access to updating DD keys, but _not_ to change +their account status - That is, creating new DD accounts and retiring +DDs requires reassigning the tickets to DSA. + +To edit a DD's entry, we specify his username - In this case, I will +edit Julien Danjou (acid)'s record (only the first couple of lines +shown), and a short menu of actions: + +$ ud-info -r -u acid +Accessing LDAP entry for 'acid' as 'gwolf' +gwolf's password: + +Julien Danjou +Password last changed : Mon 13/10/2008 UTC +PGP/GPG Key Fingerprints: 9A0D 5FD9 EB42 22F6 8974 C95C A462 B51E C2FE E5CD + Unix User ID : 'acid' (id=2491, gid=800) +(...) + a) Arbitary Change + r) retire developer + R) Randomize Password + L) Lock account and disable mail + p) Change Password + u) Switch Users + x) Exit + +We request an arbitrary change for the "keyfingerprint" +attribute. Note that it appears as empty - Disregardl + +Change? a +Attr? keyfingerprint +Old value: '' +Press enter to leave unchanged and a single space to set to empty +New? 5361 BD40 015B 7438 2739 101A 611B A950 8B78 A5C2 +Setting. + +The record will be shown again. Note that the old key will still be +shown! You can switch user ('u') to the same user again and verify the +change is in place. + + +*** Helper script helps! + + The parse-git-changelog script will generate a ldap-update + file. Each line contains the updates for a user: Debian login, + old key fingerprint, new key fingerprint. + + Following that file is a real time saver for this step! :) -- cgit v1.2.3