Page MenuHomePhabricator
Projects LDAP-Access-Requests

LDAP-Access-RequestsComponent
ActivePublic
Watch Project

Members (7)

Watchers (10)

Details

Description

This workboard represents access requests for LDAP groups, including the ldap/wmf group which controls access in Gerrit, Logstash, and various other developer tools.

Click here to start creating your request

Please include:

  • Username: (The user name used on Wikitech.)
  • Shell access: Yes/No (Whether you currently have shell access).
  • Purpose: (Specify which service you need to get access to, e.g. Icinga, Grafana, Superset etc).
  • Group: (The specific group you want to be added to - optional).
  • Contract end date: End date of contract (Contractors only)
  • Contract contact: Contact person for the contractor (Contractors only)

Refer to https://wikitech.wikimedia.org/wiki/LDAP/Groups for documentation on what each LDAP group is for.

How to create a LDAP account?

For LDAP admins only, how to process a request?

Recent Activity
View All

Yesterday

hashar added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.

@Ladsgroup Arthur already has shell access to production (since January and https://gerrit.wikimedia.org/r/c/operations/puppet/+/991743 ), there is no need to change the SSH key.

Thu, Sep 19, 7:21 AM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
ArthurTaylor added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.

Are there any additional steps I need to take here? Can we do anything to unblock this request?

Thu, Sep 19, 7:05 AM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests

Mon, Sep 16

Dzahn renamed T374673: Vacation coverage for Katie Francis (route NDA requests to Rachel until September 30) from Vacation coverage for Katie Francis (route NDA requests to Rachel until September 27) to Vacation coverage for Katie Francis (route NDA requests to Rachel until September 30).
Mon, Sep 16, 7:10 PM · SRE, LDAP-Access-Requests, SRE-Access-Requests
Dzahn set Due Date to Mon, Sep 30, 7:00 AM on T374673: Vacation coverage for Katie Francis (route NDA requests to Rachel until September 30).
Mon, Sep 16, 7:10 PM · SRE, LDAP-Access-Requests, SRE-Access-Requests
Dzahn renamed T374673: Vacation coverage for Katie Francis (route NDA requests to Rachel until September 30) from Vacation coverage for Katie Francis to Vacation coverage for Katie Francis (route NDA requests to Rachel until September 27).
Mon, Sep 16, 6:49 PM · SRE, LDAP-Access-Requests, SRE-Access-Requests
Vgutierrez closed T374595: LDAP access to the wmf group for Cyndywikime as Declined.

After double checking that I get the very same errors as @Cyndymediawiksim it looks like it's an issue with that specific superset dashboard, not related to @Cyndymediawiksim user

Mon, Sep 16, 1:40 PM · SRE, LDAP-Access-Requests
Cyndymediawiksim added a comment to T374595: LDAP access to the wmf group for Cyndywikime.

Hi @Vgutierrez , yes am having issues accessing superset on https://superset.wikimedia.org. See attached image below :

Mon, Sep 16, 11:29 AM · SRE, LDAP-Access-Requests
Vgutierrez reassigned T374595: LDAP access to the wmf group for Cyndywikime from Vgutierrez to Cyndymediawiksim.
Mon, Sep 16, 10:09 AM · SRE, LDAP-Access-Requests
Vgutierrez claimed T374595: LDAP access to the wmf group for Cyndywikime.
Mon, Sep 16, 10:09 AM · SRE, LDAP-Access-Requests
Vgutierrez changed the status of T374595: LDAP access to the wmf group for Cyndywikime from Open to Stalled.

idp configuration states that wmf membership is enough to access superset (https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/refs/heads/production/hieradata/role/common/idp.yaml#206) and as already mentioned @Cyndymediawiksim is already member of wmf:

Wikitech: User:Cyndywikime
Shell username: cyndywikime
Email: csimiyu at wikimedia dot org
User ID: 40557
Account created: 20220802154524Z
Groups
Groups that begin with project- refer to Cloud VPS projects.
Mon, Sep 16, 10:07 AM · SRE, LDAP-Access-Requests
hashar added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.
In T373969#10147944, @ArthurTaylor wrote:

Yup. I have it noted as my production key. I don't have a clear picture of what's WMCS, what's "production", and what's CI infrastructure. If it makes sense and is permitted to use the same key for CI as for Prod, then let's do that. I don't think I have a WMCS key in that case.

Mon, Sep 16, 9:45 AM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
ArthurTaylor added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.

Yup. I have it noted as my production key. I don't have a clear picture of what's WMCS, what's "production", and what's CI infrastructure. If it makes sense and is permitted to use the same key for CI as for Prod, then let's do that. I don't think I have a WMCS key in that case.

Mon, Sep 16, 9:31 AM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
Ladsgroup added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.

That ssh key is your production key not WMCS.

Mon, Sep 16, 9:25 AM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
ArthurTaylor added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.

I'm happy to use ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/OQjQqWzDvDCW9JNQxNAXEwlJ1BL2DCQHItZMxZELH and would prefer that. I wasn't sure if the "must be a separate key from Wikimedia cloud SSH access" meant I needed a new key here.

Mon, Sep 16, 8:57 AM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests

Fri, Sep 13

Dzahn placed T374673: Vacation coverage for Katie Francis (route NDA requests to Rachel until September 30) up for grabs.
Fri, Sep 13, 5:49 PM · SRE, LDAP-Access-Requests, SRE-Access-Requests
Maintenance_bot removed a project from T374595: LDAP access to the wmf group for Cyndywikime: Patch-For-Review.
Fri, Sep 13, 3:30 PM · SRE, LDAP-Access-Requests
Ladsgroup added a comment to T374595: LDAP access to the wmf group for Cyndywikime.

You seem to be already in wmf ldap group? https://ldap.toolforge.org/user/cyndywikime

Fri, Sep 13, 2:57 PM · SRE, LDAP-Access-Requests
gerritbot added a comment to T374595: LDAP access to the wmf group for Cyndywikime.

Change #1072758 abandoned by Ladsgroup:

[operations/puppet@production] admin: Add Cyndywikime to ldap only users

Reason:

Already there.

https://gerrit.wikimedia.org/r/1072758

Fri, Sep 13, 2:53 PM · SRE, LDAP-Access-Requests
gerritbot added a project to T374595: LDAP access to the wmf group for Cyndywikime: Patch-For-Review.
Fri, Sep 13, 2:43 PM · SRE, LDAP-Access-Requests
gerritbot added a comment to T374595: LDAP access to the wmf group for Cyndywikime.

Change #1072758 had a related patch set uploaded (by Ladsgroup; author: Amir Sarabadani):

[operations/puppet@production] admin: Add Cyndywikime to ldap only users

https://gerrit.wikimedia.org/r/1072758

Fri, Sep 13, 2:43 PM · SRE, LDAP-Access-Requests
Ladsgroup added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.

The ssh key you provided here is different the existing one in the admin file. It's ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/OQjQqWzDvDCW9JNQxNAXEwlJ1BL2DCQHItZMxZELH [email protected]. Do you want to change it or add a new one or the old ssh key is good?

Fri, Sep 13, 2:35 PM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
Ladsgroup updated the task description for T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.
Fri, Sep 13, 2:31 PM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
Ladsgroup updated the task description for T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.
Fri, Sep 13, 2:31 PM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
hashar changed the status of T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor' from Stalled to Open.
Fri, Sep 13, 8:59 AM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests

Thu, Sep 12

Maintenance_bot added a project to T374673: Vacation coverage for Katie Francis (route NDA requests to Rachel until September 30): SRE.
Thu, Sep 12, 11:29 PM · SRE, LDAP-Access-Requests, SRE-Access-Requests
Dzahn added a comment to T374673: Vacation coverage for Katie Francis (route NDA requests to Rachel until September 30).

Thanks for this @KFrancis

Thu, Sep 12, 10:41 PM · SRE, LDAP-Access-Requests, SRE-Access-Requests
Dzahn added projects to T374673: Vacation coverage for Katie Francis (route NDA requests to Rachel until September 30): SRE-Access-Requests, LDAP-Access-Requests.
Thu, Sep 12, 10:41 PM · SRE, LDAP-Access-Requests, SRE-Access-Requests
thcipriani added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.
In T373969#10130953, @Ladsgroup wrote:

This week's clinic duty taking over. Waiting for Tyler's approval.

Thu, Sep 12, 9:41 PM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
hashar added a comment to T373969: Requesting access to `contint-admins`, `contint-docker`, LDAP `ciadmin` for 'Arthur taylor'.

I have let @thcipriani know about this task.

Thu, Sep 12, 8:18 PM · LDAP-Access-Requests, Continuous-Integration-Infrastructure, SRE, SRE-Access-Requests
Maintenance_bot removed a project from T374008: Grant Access to ldap/wmde, ldap/nda for Philippe Saade: Patch-For-Review.
Thu, Sep 12, 2:31 PM · SRE, LDAP-Access-Requests
Ladsgroup closed T374008: Grant Access to ldap/wmde, ldap/nda for Philippe Saade as Resolved.

https://ldap.toolforge.org/user/philippesaade

Thu, Sep 12, 1:55 PM · SRE, LDAP-Access-Requests
gerritbot added a comment to T374008: Grant Access to ldap/wmde, ldap/nda for Philippe Saade.

Change #1072308 merged by Ladsgroup:

[operations/puppet@production] admin: Add Philippe Saade to ldap_only_users

https://gerrit.wikimedia.org/r/1072308

Thu, Sep 12, 1:40 PM · SRE, LDAP-Access-Requests
Ladsgroup closed T374386: Grant Access to wmf for EChukwukere-WMF as Resolved.

https://ldap.toolforge.org/user/echukwukere

Thu, Sep 12, 1:40 PM · SRE, LDAP-Access-Requests
Maintenance_bot removed a project from T374386: Grant Access to wmf for EChukwukere-WMF: Patch-For-Review.
Thu, Sep 12, 1:31 PM · SRE, LDAP-Access-Requests
gerritbot added a comment to T374386: Grant Access to wmf for EChukwukere-WMF.

Change #1072311 merged by Ladsgroup:

[operations/puppet@production] admin: Add echukwukere to ldap_only_users

https://gerrit.wikimedia.org/r/1072311

Thu, Sep 12, 1:20 PM · SRE, LDAP-Access-Requests
Maintenance_bot added a project to T374595: LDAP access to the wmf group for Cyndywikime: SRE.
Thu, Sep 12, 8:29 AM · SRE, LDAP-Access-Requests
Cyndymediawiksim added a comment to T374595: LDAP access to the wmf group for Cyndywikime.

@Aklapper , yes.sorry about that! Updated :)

Thu, Sep 12, 8:03 AM · SRE, LDAP-Access-Requests
Cyndymediawiksim renamed T374595: LDAP access to the wmf group for Cyndywikime from LDAP access to the wmf group for for Cyndywikime to LDAP access to the wmf group for Cyndywikime.
Thu, Sep 12, 8:03 AM · SRE, LDAP-Access-Requests
Cyndymediawiksim renamed T374595: LDAP access to the wmf group for Cyndywikime from Grant Access to analytics-privatedata-users for Cyndywikime to LDAP access to the wmf group for for Cyndywikime.
Thu, Sep 12, 8:02 AM · SRE, LDAP-Access-Requests
Aklapper added a comment to T374595: LDAP access to the wmf group for Cyndywikime.

@Cyndymediawiksim: Hi, is the group mentioned in the task title a typo?

Thu, Sep 12, 7:56 AM · SRE, LDAP-Access-Requests
Cyndymediawiksim created T374595: LDAP access to the wmf group for Cyndywikime.
Thu, Sep 12, 7:30 AM · SRE, LDAP-Access-Requests

Wed, Sep 11

gerritbot added a project to T374386: Grant Access to wmf for EChukwukere-WMF: Patch-For-Review.
Wed, Sep 11, 10:30 PM · SRE, LDAP-Access-Requests
gerritbot added a comment to T374386: Grant Access to wmf for EChukwukere-WMF.

Change #1072311 had a related patch set uploaded (by Ladsgroup; author: Amir Sarabadani):

[operations/puppet@production] admin: Add echukwukere to ldap_only_users

https://gerrit.wikimedia.org/r/1072311

Wed, Sep 11, 10:30 PM · SRE, LDAP-Access-Requests
Ladsgroup added a comment to T374008: Grant Access to ldap/wmde, ldap/nda for Philippe Saade.

Almost ready, I need to check this https://wikitech.wikimedia.org/wiki/SRE/Clinic_Duty/Access_requests#WMDE_Group

Wed, Sep 11, 10:17 PM · SRE, LDAP-Access-Requests
gerritbot added a project to T374008: Grant Access to ldap/wmde, ldap/nda for Philippe Saade: Patch-For-Review.
Wed, Sep 11, 10:16 PM · SRE, LDAP-Access-Requests
gerritbot added a comment to T374008: Grant Access to ldap/wmde, ldap/nda for Philippe Saade.

Change #1072308 had a related patch set uploaded (by Ladsgroup; author: Amir Sarabadani):

[operations/puppet@production] admin: Add Philippe Saade to ldap_only_users

https://gerrit.wikimedia.org/r/1072308

Wed, Sep 11, 10:16 PM · SRE, LDAP-Access-Requests

Tue, Sep 10

jeremyb updated subscribers of T374406: Grant Access to logstash for Jeremyb.
In T374406#10133385, @Ladsgroup wrote:

It first needs a sponsor from a wmf staff.

Tue, Sep 10, 8:00 PM · WMF-NDA-Requests, SRE, LDAP-Access-Requests
Dzahn added a comment to T374406: Grant Access to logstash for Jeremyb.

so I can detect when I am spamming the logs before I disrupt the deployment train

Tue, Sep 10, 6:23 PM · WMF-NDA-Requests, SRE, LDAP-Access-Requests
KFrancis added a comment to T374406: Grant Access to logstash for Jeremyb.

Hi @jeremyb Thanks for checking in. We have sunsetted the L2 form. I am happy to facilitate an NDA from my end though. Please send your full name, email address, mailing address, and a few details about the access you'll need to [email protected] and I'll process an NDA for you to sign.

Tue, Sep 10, 4:26 PM · WMF-NDA-Requests, SRE, LDAP-Access-Requests
Linda-Rabea.Heyden_WMDE added a comment to T374008: Grant Access to ldap/wmde, ldap/nda for Philippe Saade.

Hi, I hereby approve the request from WMDE side!

Tue, Sep 10, 1:04 PM · SRE, LDAP-Access-Requests
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits