summaryrefslogtreecommitdiffstats
path: root/cheatsheets/infrastructure/ldap.txt
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--cheatsheets/infrastructure/ldap.txt53
1 files changed, 53 insertions, 0 deletions
diff --git a/cheatsheets/infrastructure/ldap.txt b/cheatsheets/infrastructure/ldap.txt
new file mode 100644
index 0000000..c0b63ee
--- /dev/null
+++ b/cheatsheets/infrastructure/ldap.txt
@@ -0,0 +1,53 @@
+We can now directly update LDAP records - That means that key updates
+can now be handled directly by us. There are several tools that can be
+used for this purpose - I'm using ud-info. For this, I have to use the
+Debian password (and given I dislike passwords, I always regenerate it
+by following http://db.debian.org/password.html and throwing it away).
+
+keyring-maint has access to updating DD keys, but _not_ to change
+their account status - That is, creating new DD accounts and retiring
+DDs requires reassigning the tickets to DSA.
+
+To edit a DD's entry, we specify his username - In this case, I will
+edit Julien Danjou (acid)'s record (only the first couple of lines
+shown), and a short menu of actions:
+
+$ ud-info -r -u acid
+Accessing LDAP entry for 'acid' as 'gwolf'
+gwolf's password:
+
+Julien Danjou <acid@debian.org>
+Password last changed : Mon 13/10/2008 UTC
+PGP/GPG Key Fingerprints: 9A0D 5FD9 EB42 22F6 8974 C95C A462 B51E C2FE E5CD
+ Unix User ID : 'acid' (id=2491, gid=800)
+(...)
+ a) Arbitary Change
+ r) retire developer
+ R) Randomize Password
+ L) Lock account and disable mail
+ p) Change Password
+ u) Switch Users
+ x) Exit
+
+We request an arbitrary change for the "keyfingerprint"
+attribute. Note that it appears as empty - Disregardl
+
+Change? a
+Attr? keyfingerprint
+Old value: ''
+Press enter to leave unchanged and a single space to set to empty
+New? 5361 BD40 015B 7438 2739 101A 611B A950 8B78 A5C2
+Setting.
+
+The record will be shown again. Note that the old key will still be
+shown! You can switch user ('u') to the same user again and verify the
+change is in place.
+
+
+*** Helper script helps!
+
+ The parse-git-changelog script will generate a ldap-update
+ file. Each line contains the updates for a user: Debian login,
+ old key fingerprint, new key fingerprint.
+
+ Following that file is a real time saver for this step! :)
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-13 19:50:30 +0000